Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 595694 - Satellite sends misleading error message when wrong login/password is sent during registration
Summary: Satellite sends misleading error message when wrong login/password is sent du...
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Registration
Version: 530
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Michael Mráka
QA Contact: Red Hat Satellite QA List
Depends On:
TreeView+ depends on / blocked
Reported: 2010-05-25 11:55 UTC by Michael Mráka
Modified: 2014-07-04 13:26 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-07-04 13:26:56 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Michael Mráka 2010-05-25 11:55:09 UTC
Description of problem:
Satellite returns misleading error messages sometimes containing security sensitive information (e.g. account exists).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run rhn_register
2. click through to 'Choose an update location' page
3. check 'Red Hat Network Satellite' and fill address of an existing satellite 5.3
4. fill wrong username/password and click Forward

Actual results:
depending whether username exists on satellite and password length error window says
 Error Class Code: 3
 Error Class Info: This login is already taken, or the password is incorrect.
 There was an error while logging in....
 and /var/log/up2date contains
  Error Message:
    password must be at least 5 characters
 Error Class Code: 2001
 Error Class Info: 
     RHN Satellite user creation is not allowed via rhn_register...

Expected results:
The same error message which Hosted sends, i.e.
Error Class Code: 3
Error Class Info: The login or password is incorrect.

Additional info:
This is more generally about removing old register_user, new_user, etc. stuff which Hosted removed some time ago.

Note You need to log in before you can comment on or make changes to this bug.