** Changed in: unity-control-center (Ubuntu)
Status: Triaged => Fix Committed
** Description changed:
+ * Impact
+ disabling accounts which are set to "log in without password" leads to users
still able to log in
+
+ * Test case
+ - use unity-control-center to configure an user password more to "log in
without password"
+ - change the mode to "desactivated"
+ - try to log in with that user
+
+ The user shouldn't be able to log in
+
+ * Regression potential
+ check that the different password modes work as they should
+
+ --------
+
If a user is set to login without a password and subsequently the
account is disabled, the user is not removed from the nopassword login
group. The result is that the user can still login even though the admin
has disabled to account.
This is a security issue and is present in 12.04, 13.10, and 14.04.
This stems from the failure to reset to the password mode away from
password_mode_none to password_mode_regular.
I have submitted a merge proposal to fix this at
https://code.launchpad.net/~echaskes/unity-control-center/fix-user-
password-dialog
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to unity-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1314886
Title:
Changing user from no password login to disabled leaves user in no
password login group
Status in “unity-control-center” package in Ubuntu:
Fix Committed
Bug description:
* Impact
disabling accounts which are set to "log in without password" leads to users
still able to log in
* Test case
- use unity-control-center to configure an user password more to "log in
without password"
- change the mode to "desactivated"
- try to log in with that user
The user shouldn't be able to log in
* Regression potential
check that the different password modes work as they should
--------
If a user is set to login without a password and subsequently the
account is disabled, the user is not removed from the nopassword login
group. The result is that the user can still login even though the
admin has disabled to account.
This is a security issue and is present in 12.04, 13.10, and 14.04.
This stems from the failure to reset to the password mode away from
password_mode_none to password_mode_regular.
I have submitted a merge proposal to fix this at
https://code.launchpad.net/~echaskes/unity-control-center/fix-user-
password-dialog
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity-control-center/+bug/1314886/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
