Maniphest T2492

Do not set encrypted user password when it is not changed
Closed, ResolvedPublicFEATURE REQUEST
Actions

Assigned To

Authored By

	c-po
	May 22 2020, 9:50 AM

Tags

Referenced Files

None

Subscribers

Description

On every system boot the encrypted user password is written from the config into theoperating system. This information will leak into the generated bootchart when debugging the system startup time issue.

Only pass the encrypted string to the operating system when the password is really changed.

As the system boot timing option is for deleopers only and rather new this does not pose a security risk, to enable it read https://docs.vyos.io/en/latest/contributing/development.html#boot-timing.

Details

Version: -
Is it a breaking change?: Behavior change
Issue type: Feature (new functionality)

Related Objects

Mentioned In: rVYOSONEXdab9ff51238d: login: T2492: remove empty plaintext-password node
T2725: Config fails to load if user has no password
rVYOSONEX63fce1034230: login: T2492: must use try/except when adding user for the first time
rVYOSONEXa46ceed84c55: login: T2492: re-use code from vyos.util
rVYOSONEX38747960151d: login: T2492: force setting of encrypted password on first boot
rVYOSONEX4414803c3558: login: T2492: fix flake8 warnings
rVYOSONEXa07e22377ab8: login: T2492: do not set encrypted user password when it is not changed

Event Timeline

c-po created this task.May 22 2020, 9:50 AM

c-po closed this task as Resolved.

c-po claimed this task.

c-po triaged this task as High priority.

c-po edited a custom field.

c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Behavior change.

c-po mentioned this in rVYOSONEXa07e22377ab8: login: T2492: do not set encrypted user password when it is not changed.May 22 2020, 10:09 AM

c-po mentioned this in rVYOSONEX4414803c3558: login: T2492: fix flake8 warnings.May 22 2020, 10:30 AM

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 22 2020, 10:37 AM

pasik subscribed.May 22 2020, 12:15 PM

c-po mentioned this in rVYOSONEX38747960151d: login: T2492: force setting of encrypted password on first boot.May 22 2020, 1:35 PM

c-po mentioned this in rVYOSONEXa46ceed84c55: login: T2492: re-use code from vyos.util.

c-po mentioned this in rVYOSONEX63fce1034230: login: T2492: must use try/except when adding user for the first time.May 22 2020, 3:26 PM

varesa mentioned this in T2725: Config fails to load if user has no password.Jul 22 2020, 1:25 PM

c-po mentioned this in rVYOSONEXdab9ff51238d: login: T2492: remove empty plaintext-password node.Oct 9 2020, 5:15 PM

erkin set Issue type to improvement.Aug 30 2021, 6:05 AM

erkin removed a subscriber: Global Notifications.

syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 30 2022, 2:01 PM

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.

dmbaturin set Issue type to Feature (new functionality).Nov 8 2024, 10:49 AM