Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 595694

Summary: Satellite sends misleading error message when wrong login/password is sent during registration
Product: Red Hat Satellite 5 Reporter: Michael Mráka <mmraka>
Component: RegistrationAssignee: Michael Mráka <mmraka>
Status: CLOSED DEFERRED QA Contact: Red Hat Satellite QA List <satellite-qa-list>
Severity: low Docs Contact:
Priority: low    
Version: 530   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-04 13:26:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Michael Mráka 2010-05-25 11:55:09 UTC
Description of problem:
Satellite returns misleading error messages sometimes containing security sensitive information (e.g. account exists).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run rhn_register
2. click through to 'Choose an update location' page
3. check 'Red Hat Network Satellite' and fill address of an existing satellite 5.3
4. fill wrong username/password and click Forward

Actual results:
depending whether username exists on satellite and password length error window says
 Error Class Code: 3
 Error Class Info: This login is already taken, or the password is incorrect.
 There was an error while logging in....
 and /var/log/up2date contains
  Error Message:
    password must be at least 5 characters
 Error Class Code: 2001
 Error Class Info: 
     RHN Satellite user creation is not allowed via rhn_register...

Expected results:
The same error message which Hosted sends, i.e.
Error Class Code: 3
Error Class Info: The login or password is incorrect.

Additional info:
This is more generally about removing old register_user, new_user, etc. stuff which Hosted removed some time ago.