[jira] [Updated] (COUCHDB-2364) plaintext admin password remains visible if there are two [admin] sections

Javier Candeira (JIRA) Tue, 07 Oct 2014 18:37:44 -0700

     [ 
https://issues.apache.org/jira/browse/COUCHDB-2364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Javier Candeira updated COUCHDB-2364:
-------------------------------------
    Priority: Critical  (was: Major)

> plaintext admin password remains visible if there are two [admin] sections
> --------------------------------------------------------------------------
>
>                 Key: COUCHDB-2364
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2364
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Database Core
>            Reporter: Javier Candeira
>            Priority: Critical
>
> How to reproduce:
> 1.
> Make a local.ini document with two [admin] sections, and the user = password 
> line in the second one, as the dev/run script did as of github commit 
> d3094366b6775e7a54:
> ```
> [admins]
> ;admin = mysecretpassword
> [admins]
> candeira = candeira
> ```
> 2.
> CouchDB process will not replace the plaintext password, but merely edit in 
> the hashed password under the first [admin] section, and leave the second one 
> unchanged:
> ```
> [admins]
> ;admin = mysecretpassword
> candeira = 
> -pbkdf2-a64e124a06c9c287d5b6ce260cd9c3da4049fe2d,28ea667261c84a53a5f1d92e83f2976d,10
> [admins]
> candeira = candeira
> ```



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (COUCHDB-2364) plaintext admin password remains visible if there are two [admin] sections

Reply via email to