[jira] [Updated] (ACCUMULO-1720) Accumulo saves the root user's password in the clear in Zookeeper

Michael Allen (JIRA) Tue, 17 Sep 2013 20:52:20 -0700

     [ 
https://issues.apache.org/jira/browse/ACCUMULO-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Michael Allen updated ACCUMULO-1720:
------------------------------------

    Summary: Accumulo saves the root user's password in the clear in Zookeeper  
(was: Accumulo saves user passwords in the clear (including the root password) 
in Zookeeper)
    
> Accumulo saves the root user's password in the clear in Zookeeper
> -----------------------------------------------------------------
>
>                 Key: ACCUMULO-1720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1720
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>    Affects Versions: 1.5.0
>            Reporter: Michael Allen
>
> In reviewing some of the security around users, it came to my attention that 
> Accumulo stores passwords within Zookeeper in the clear.  Grepping through 
> Zookeeper's data files proves this out (as does inspecting the code).
> These passwords should be stored heavily salted and hashed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (ACCUMULO-1720) Accumulo saves the root user's password in the clear in Zookeeper

Reply via email to