[ https://issues.apache.org/jira/browse/VCL-562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14295946#comment-14295946 ]

ASF subversion and git services commented on VCL-562:
-----------------------------------------------------

Commit 1655483 from [~arkurth] in branch 'vcl/trunk'
[ https://svn.apache.org/r1655483 ]

VCL-562
Added imagerevisioninfo table to database.

Added windows_ignore_users and windows_disable_users to variable table.

Updated Windows.pm::post_load to call check_image subroutine.

> Automatically disable user accounts known to be insecure stored in images
> -------------------------------------------------------------------------
>
>                 Key: VCL-562
>                 URL: https://issues.apache.org/jira/browse/VCL-562
>             Project: VCL
>          Issue Type: New Feature
>          Components: database, vcld (backend)
>    Affects Versions: 2.2.1
>            Reporter: Andy Kurth
>            Assignee: Andy Kurth
>            Priority: Minor
>             Fix For: 2.4
>
>
> It is somewhat common where a user account is manually created by a user 
> creating an image and the user account is left in the image when it is saved. 
>  There are cases where this is useful and intentional such as creating a user 
> account that is used to run a service.
> There are also cases where this is unintentional and insecure if a weak 
> password is set on the user account.  An example would be where an image 
> creator creates a user account named "Profile" which is used to customize the 
> default user profile.  This account may have a weak password.  The image 
> creator logs in as "Profile", customizes the desktop, then copies the profile 
> stored under "Profile" to "Default User".   The "Profile" user is not deleted 
> from the image when it is captured.
> If this image is then used to create child images the problem could spread.  
> It would be useful to be able to store a list of known-bad usernames in the 
> database.  Any images containing user accounts matching any in this list 
> would have the user accounts disabled when the image is loaded.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)