Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-23475

Audit for password change doesn't have indication it's for password change

    Details

    • Type: Bug
    • Status: New
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.22.0, 3.23.0
    • Fix Version/s: None
    • Component/s: Audit, Security
    • Labels:

      Description

      I noticed that the audit for password change in an account appears as follows:

      {"timestamp":"2020-04-08 18:25:30,466-0400","nodeId":"D899A429-08859F9A-6981324C-DAC79C22-DCCB95DC","initiator":"admin/127.0.0.1","domain":"security.user","type":"updated","context":"admin","attributes":{"id":"admin","name":"Admin User","email":"admin@sonatype.whatever","source":"default","status":"active","roles":"nx-admin"}}
      

      Without knowing what all these values were before hand, I see no indicator that this is about a password change at all. I feel like this may be important for some auditors to know, so am filing to get ahead of a possible issue.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            jtom Joe Tom
            Last Updated By:
            Matthew Piggott Matthew Piggott
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                tigCommentSecurity.panel-title