[Bug 393730] New: inst_user_first. ycp advises users to use passwords without special characters
https://bugzilla.novell.com/show_bug.cgi?id=393730 Summary: inst_user_first.ycp advises users to use passwords without special characters Product: openSUSE 11.0 Version: Beta 3plus Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: lnussel@novell.com QAContact: jsrain@novell.com CC: security-team@suse.de Found By: --- inst_user_first.ycp advises users to use passwords "without special characters". It actually wants say that one should not use umlauts, however the way it is written (and then translated to e.g. German(!)) makes it sound like no 'special' characters like $, %, & etc should be used. Later in the text it does explain why Umlauts should be avoided more precisely but no hint is given about how good password look like (and good password should contain non-alphanumeric chars). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |locilka@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|locilka@novell.com |jsuchome@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c1 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |LATER --- Comment #1 from Jiří Suchomel <jsuchome@novell.com> 2008-05-22 23:40:53 MST --- Too late for text changes now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c2 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Critical Status|RESOLVED |REOPENED Resolution|LATER | Flag| |SHIP_STOPPER? --- Comment #2 from Marcus Meissner <meissner@novell.com> 2008-05-23 00:56:41 MST --- Its pretty much a security misfeature :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c3 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |meissner@novell.com --- Comment #3 from Jiří Suchomel <jsuchome@novell.com> 2008-05-23 01:24:29 MST --- So, here are the parts of the help text relevant to password creation: "When entering a password, distinguish between uppercase and lowercase. Passwords should not contain any special characters, such as accented characters. With the current password encryption (Blowfish), the password length should be between 5 and 72 characters. For the password, use only characters that can be found on an English keyboard layout. In cases of system error, it may be necessary to log in without a localized keyboard layout. To ensure that the password was entered correctly, repeat it exactly in a second field. Do not forget your password." I admit it can be better, but it is no that misleading as reported. This text same for quite a long time, so I wonder why there would be security issue right now. I've closed the bug because if the texts would be changed now, they would not get translated. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c4 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|meissner@novell.com | Resolution| |LATER Flag|SHIP_STOPPER? | --- Comment #4 from Marcus Meissner <meissner@novell.com> 2008-05-23 02:21:30 MST --- yeah. does not look as bad as it originally sounded. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User coolo@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c5 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|LATER | --- Comment #5 from Stephan Kulow <coolo@novell.com> 2008-06-25 03:11:56 MDT --- mass reopening of later+remind bugs of 11.0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c6 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Critical |Normal Status|REOPENED |NEEDINFO Info Provider| |lnussel@novell.com --- Comment #6 from Jiří Suchomel <jsuchome@novell.com> 2008-06-25 03:19:03 MDT --- Ludwing, any ideas for better wording? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c7 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED Info Provider|lnussel@novell.com | --- Comment #7 from Ludwig Nussel <lnussel@novell.com> 2008-06-25 03:28:08 MDT --- s/special characters/umlauts/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c8 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED --- Comment #8 from Jiří Suchomel <jsuchome@novell.com> 2008-06-25 03:41:55 MDT --- Not very good. There exists other stuff, not only umlaut which are german specific. I'll use "Passwords should not contain any special characters, such as accented characters or umlauts". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c9 --- Comment #9 from Ludwig Nussel <lnussel@novell.com> 2008-06-25 04:14:18 MDT --- That will lead to the same confusing translation. "special characters" means "Sonderzeichen" in German and those are $, % etc. What about "Passwords should not contain accented characters or umlauts". Maybe merge that with the sentence that comes later that explains the connectoin to the english keyboard layout. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c10 --- Comment #10 from Jiří Suchomel <jsuchome@novell.com> 2008-06-25 05:38:16 MDT --- Maybe it would help to fix the German translation instead. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=393730 User jsuchome@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=393730#c11 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #11 from Jiří Suchomel <jsuchome@novell.com> 2008-07-08 02:33:44 MDT --- fixed in svn -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com