Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 225163 - Able to register to webqa with valid username/any password
Summary: Able to register to webqa with valid username/any password
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend
Version: RHN Devel
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Jesus M. Rodriguez
QA Contact: Corey Welton
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-01-29 16:11 UTC by Jay Turner
Modified: 2015-01-08 00:15 UTC (History)
3 users (show)

Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-12 20:24:50 UTC


Attachments (Terms of Use)

Description Jay Turner 2007-01-29 16:11:07 UTC
Description of problem:
With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at
11:00 on 29.1.2007) I'm able to register against webqa using a valid username
and any password I care to enter.

1) run rhn_register
2) at the Update Location screen, enter
"https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue
3) enter a valid username and any password you like

Will work.

Really shouldn't work.

Comment 1 Jay Turner 2007-01-29 16:12:18 UTC
Proposing as RHEL5 blocker, as otherwise this code might make it to the live
site.  Need some sort of resolution prior to that.

Comment 2 Máirín Duffy 2007-01-29 22:25:35 UTC
may be related to bug 223515


Comment 3 Jesus M. Rodriguez 2007-02-02 02:23:13 UTC
TEST PLAN
-----------
1) ping xmlrpc.rhn.webqa.redhat.com
2) edit /etc/hosts with the following:
   <ip address from above ping> xmlrpc.rhn.redhat.com

   While this seems silly, it goes through the "hosted" code path which 
   is important to test versus the one mentioned in step 2 of original comment

3) Continue with Step 1 & 3 from Original Comment.

Comment 4 Corey Welton 2007-02-08 16:12:01 UTC
QA Verified -- can no longer login using an arbitrary password.


Comment 5 Jay Turner 2007-02-12 20:24:50 UTC
Closing out.


Note You need to log in before you can comment on or make changes to this bug.