Uploaded image for project: 'Puppet Enterprise'
  1. Puppet Enterprise
  2. ENTERPRISE-1244

Console login page, username/password combination entry incorrect message

    XMLWordPrintable

Details

    • New Feature
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • PE 2019.0.2
    • None
    • Console, Console Auth
    • Production.

    • Chrome
    • Monolithic
    • RHEL 7 (x86_64)
    • RHEL 7 (x86_64)
    • Hide

      The message states something similar to "The username/password combination entered is incorrect. If you believe you have received this message in error, please contact the administrator." when a user enters the wrong username or password on the console.

      Show
      The message states something similar to "The username/password combination entered is incorrect. If you believe you have received this message in error, please contact the administrator." when a user enters the wrong username or password on the console.
    • Dumpling
    • Reviewed
    • 34254,34984,46928
    • 3
    • Needs Assessment

    Description

      Security vulnerability, by disclosing directory structure information.

      Console login page, username/password combination entry incorrect message

      change from

      "The username/password combination entered is incorrect. If you believe you have received this message in error, please consult the logs at /var/log/puppetlabs/console-services/console-service.log."

      to

      "The username/password combination entered is incorrect. If you believe you have received this message in error, please contact the administrator."

      Setting found in the following part of the console-ui repo:

      pe-console-ui/src/puppetlabs/pe_console_auth_ui/routes.clj

      pe-console-ui/locales/ja.po

      pe-console-ui/locales/pe-console-ui.pot

      part of the console-services jar{{}}

      Attachments

        Activity

          People

            Unassigned Unassigned
            andrewkzimmerman Andrew K. Zimmerman
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:

              Zendesk Support