[
https://issues.apache.org/jira/browse/VCL-562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy Kurth resolved VCL-562.
----------------------------
Resolution: Fixed
> Automatically disable user accounts known to be insecure stored in Windows
> images
> ---------------------------------------------------------------------------------
>
> Key: VCL-562
> URL: https://issues.apache.org/jira/browse/VCL-562
> Project: VCL
> Issue Type: New Feature
> Components: database, vcld (backend)
> Affects Versions: 2.2.1
> Reporter: Andy Kurth
> Assignee: Andy Kurth
> Priority: Minor
> Fix For: 2.4
>
>
> It is somewhat common where a user account is manually created by a user
> creating an image and the user account is left in the image when it is saved.
> There are cases where this is useful and intentional such as creating a user
> account that is used to run a service.
> There are also cases where this is unintentional and insecure if a weak
> password is set on the user account. An example would be where an image
> creator creates a user account named "Profile" which is used to customize the
> default user profile. This account may have a weak password. The image
> creator logs in as "Profile", customizes the desktop, then copies the profile
> stored under "Profile" to "Default User". The "Profile" user is not deleted
> from the image when it is captured.
> If this image is then used to create child images the problem could spread.
> It would be useful to be able to store a list of known-bad usernames in the
> database. Any images containing user accounts matching any in this list
> would have the users accounts disabled when the image is loaded.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
