Description of problem: Open UserDrake, select a user, click on edit. Now you can see the crypted password in its field. I have a foo user with password foo that I want to change to foo1. Add 1 to the last character of the password field and click ok. Password is saved, but you can't login any more. Better showing an empty input field imho instead of setting as some fake characters (blanks in this case). Same behaviour in git code.
Reproducible:
Steps to Reproduce:
I don't agree here. The same happens in browser if you have saved your password and at changing one field is filled with asterisks. You have to know that the field is filled with those exact symbols, they just show how long your current password is (so you can be sure that you are changing the right password) but if you want to change it you have to empty the field first.
CC: (none) => mageia
Severity: major => normal
Having feedback is great :) Well, it's my opinion. But I asked someone else also. I think it is nonsense to have a password shown in the field since it's not the user password. And it's written nowhere that you have to delete it first. So I believe a user (I don't speak about admins, they probably use the command line) does not understand if there is his password or not, and length is not significant since we can show more or fewer characters, so yes my example is maybe silly, but what you get is that you cannot login any more without changing password from root again. While if an empty field is shown, every character you add is just what you wrote... but that is my opinion of course :)
And moreover "Add User" does not show fake * in the password fields, for instance.
Mageia 3 changed to end-of-life (EOL) status 4 months ago. http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ Mageia 3 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Mageia please feel free to click on "Version" change it against that version of Mageia and reopen this bug. Thank you for reporting this bug and we are sorry it could not be fixed. -- The Mageia Bugsquad
Resolution: (none) => OLD
Status: NEW => RESOLVED
Still valid either in mga4 or in cauldron
Status: RESOLVED => REOPENED
Resolution: OLD => (none)
Version: 3 => Cauldron
Keywords: (none) => USABILITY
CC: (none) => thierry.vignaud
@ Angelo
If it is decided to have an empty password field instead of the 5 bullets that are shown now for existing passwords, wouldn't that be just as much a "lie"?
WDYT about replacing
Password:
Confirm password:
With e.g.:
Password: (Empty this field before entering a new password)
Confirm password: (Empty this field before entering a new password)
?
CC: (none) => marja11
Assignee: bugsquad => mageiatools
Well, now that I'm two years older I understand that from a security point of view this bug does not make that much sense. Anyway userdrake iirc works as you said Marja, the problem I saw is that you can click on the field without removing the bullets, so you could think to change your password (edit) adding some new characters. But instead of having oldpwd+new_chars you got only new_chars or worse (I'm not sure bullets are empty string in the field) random_chars+new_chars. That means you cannot log in any more if not changing the password from root.