[Openstack-security] [Bug 1400872] Re: Show password feature should be configurable

Jeremy Stanley fungi at yuggoth.org
Tue Dec 9 21:18:00 UTC 2014


Pretty sure this is a security hardening opportunity, not a
vulnerability for which we would publish an advisory, and so I have
classified it accordingly.

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Won't Fix

** Information type changed from Public Security to Public

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1400872

Title:
  Show password feature should be configurable

Status in OpenStack Dashboard (Horizon):
  Confirmed
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  
  Horizon allows the password field to be displayed in plain text. This introduces a potential security risk. Imagine a user leaving their desktop unlocked; if the user saved their password in the browser, a malicious user could go into the Login page and display the OpenStack password.

  The show password feature should be made configurable for operators
  who want a more secure deployment of Horizon.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1400872/+subscriptions



