Hello Johannes, nice catch! You're right and I've applied your patch.
http://git.fedorahosted.org/git/?p=spacewalk.git;a=commitdiff;h=84e41ff5bf8daa60b7329a7f45e32bb48c53d091 Thank you very much! Regards, Tomas -- Tomas Lestach RHN Satellite Engineering, Red Hat On 01/27/2011 04:21 PM, Johannes Renner wrote:
Hello, There seems to be a bug in the Spacewalk Java code that allows a user to set whatever password regardless of any errors (e.g. length< minlength), as long as the desired and confirm password are equal. It is even possible to set a user's password to the empty string, which results in not being able to login anymore after sign out! Attached is a patch that fixes the problem. Greetings, Johannes Renner _______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel