[
https://issues.apache.org/jira/browse/ACCUMULO-1720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Allen updated ACCUMULO-1720:
------------------------------------
Description:
In reviewing some of the security around users, it came to my attention that
Accumulo stores the root user's password within Zookeeper in the clear.
Grepping through Zookeeper's data files proves this out (as does inspecting the
code).
This passwords should be stored heavily salted and hashed, as the other user
passwords are. Is there any reason why it isn't?
was:
In reviewing some of the security around users, it came to my attention that
Accumulo stores passwords within Zookeeper in the clear. Grepping through
Zookeeper's data files proves this out (as does inspecting the code).
These passwords should be stored heavily salted and hashed.
> Accumulo saves the root user's password in the clear in Zookeeper
> -----------------------------------------------------------------
>
> Key: ACCUMULO-1720
> URL: https://issues.apache.org/jira/browse/ACCUMULO-1720
> Project: Accumulo
> Issue Type: Bug
> Components: tserver
> Affects Versions: 1.5.0
> Reporter: Michael Allen
>
> In reviewing some of the security around users, it came to my attention that
> Accumulo stores the root user's password within Zookeeper in the clear.
> Grepping through Zookeeper's data files proves this out (as does inspecting
> the code).
> This passwords should be stored heavily salted and hashed, as the other user
> passwords are. Is there any reason why it isn't?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
