This is a class D type of bug ( https://security.openstack.org/vmt-process.html#incident-report-taxonomy ).
** Changed in: ossa
       Status: Incomplete => Won't Fix

https://bugs.launchpad.net/bugs/1461433

Title:
  Automatically generated admin password is not complex enough

Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  When performing actions such as create instances, evacuate instances,
  rebuild instances, rescue instances and update instances' admin
  password, when the user does not provide an admin password,
  generate_password() in utils.py is used to generate an admin password.

  generate_password() now uses two password symbol groups: default and
  easier. The default symbol group contains numbers, upper case letters
  and small case letters. The easier symbol group contains only numbers
  and upper case letters. The generated password is not complex enough
  and can cause security problems.

  One possible solution is to add a new symbol group:
  STRONGER_PASSWORD_SYMBOLS, which contains numbers, upper case letters,
  lower case letters and also special characters such as
  `~!@#$%^&*()-_=+ and space.

  Then add a new option in the configuration file:
  generate_strong_password = True. When this option is set, nova will
  generate the password using the STRONGER_PASSWORD_SYMBOLS symbol group
  and with a longer password length.

  If this option is not set, the password will be generated using the
  default symbol group and default length.
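The trade-off the report raises between symbol groups and password length, worked through as an added example (this is not nova's utils.py and not part of the original bug report). The contents of the three groups are assumptions built from the report's wording, and the helper names `entropy_bits` and `length_for_bits` are hypothetical.

```python
import math
import secrets
import string

# Symbol groups as the bug report describes them (assumed contents,
# not copied from nova's utils.py).
DEFAULT_PASSWORD_SYMBOLS = (string.digits, string.ascii_uppercase,
                            string.ascii_lowercase)
EASIER_PASSWORD_SYMBOLS = (string.digits, string.ascii_uppercase)
# Proposed group: the special characters the report lists, plus space.
STRONGER_PASSWORD_SYMBOLS = DEFAULT_PASSWORD_SYMBOLS + ("`~!@#$%^&*()-_=+ ",)


def _alphabet(symbolgroups):
    """Distinct characters available across all groups."""
    return sorted(set("".join(symbolgroups)))


def entropy_bits(length, symbolgroups):
    """Upper bound on entropy of a uniformly random password."""
    return length * math.log2(len(_alphabet(symbolgroups)))


def length_for_bits(target_bits, symbolgroups):
    """Smallest length whose entropy bound reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(_alphabet(symbolgroups))))


def generate_password(length, symbolgroups):
    """Draw from the OS CSPRNG, with one symbol from every group."""
    if length < len(symbolgroups):
        raise ValueError("length too short to cover every symbol group")
    rng = secrets.SystemRandom()
    # One character per group first, so the result always passes
    # "must contain a digit/upper/lower/special" policies.
    chars = [rng.choice(group) for group in symbolgroups]
    alphabet = _alphabet(symbolgroups)
    chars += [rng.choice(alphabet) for _ in range(length - len(chars))]
    rng.shuffle(chars)  # per-group picks must not sit in fixed positions
    return "".join(chars)


if __name__ == "__main__":
    groups = (("easier", EASIER_PASSWORD_SYMBOLS),
              ("default", DEFAULT_PASSWORD_SYMBOLS),
              ("stronger", STRONGER_PASSWORD_SYMBOLS))
    for name, grp in groups:
        print(f"{name:8s} alphabet={len(_alphabet(grp)):2d} "
              f"length for 80 bits={length_for_bits(80, grp)} "
              f"sample={generate_password(16, grp)!r}")
```

Under these assumed groups the special characters save one character of length at an 80-bit target compared with the default group, so the longer length in the proposal contributes more than the extra symbols do.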