  1. Dev - Nexus Repo
  2. NEXUS-31139

Administrator feature to trigger a local user account password reset does not follow security best practice

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.14.21
    • Fix Version/s: 2.15.0
    • Component/s: Security

      Description

      There is a feature that allows an admin user to select a local user account in the users list, right-click the user entry and choose "reset password" from the menu.

      The feature relies on resetting passwords in an insecure way and thus the feature should be removed from the product.

      Expected

      Remove the feature to trigger a password reset of a local user account. The admin user can still explicitly set a local user's password to a new value.

            People

            Assignee:
            Unassigned
            Reporter:
            Peter Lynch (plynch)
            Last Updated By:
            Peter Lynch
            Votes:
            0
            Watchers:
            2