
Missing password length validation for users in jenkins own database (In FIPS mode)

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • core
    • None

      1. Go to Manage Jenkins > Users

      2. Configure an existing user

      3. Update the password with a short value (less than 14 characters)

      4. You don’t get a validation message → You should get the validation

      5. Click on the Save button → The password is updated

      NOTE: Another way of updating the password with a non-compliant value:

      1. Log in

      2. Go to User > Configure through the top menu

      3. Update the password with a short value (less than 14 characters)

      4. You don’t get a validation message → You should get the validation

      5. Click on the Save button → The password is updated

      Acceptance criteria
      Fix the error
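
The steps above show the same gap on two different update paths, which is the usual result of validating in individual forms. As an added example (not Jenkins' code and not part of the issue), the sketch below puts the length check in the one method every write path must call. The class and method names and the PBKDF2 parameters are assumptions for illustration; only the 14-character minimum comes from the issue.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical stand-in for a user database; names are not Jenkins' API. */
public class UserStore {
    static final int FIPS_MIN_LENGTH = 14; // minimum stated in the issue
    private final boolean fipsMode;
    private final Map<String, byte[][]> credentials = new HashMap<>(); // user -> {salt, hash}

    UserStore(boolean fipsMode) { this.fipsMode = fipsMode; }

    /** Error message, or null if acceptable. Shared by inline form validation and save. */
    String check(String password) {
        if (password == null || password.isEmpty()) return "Password is required";
        if (fipsMode && password.length() < FIPS_MIN_LENGTH)
            return "Password must be at least " + FIPS_MIN_LENGTH + " characters in FIPS mode";
        return null;
    }

    /** Single chokepoint: every write path ends here, so no form can skip the check. */
    private void store(String user, String password) throws GeneralSecurityException {
        String error = check(password);
        if (error != null) throw new IllegalArgumentException(error);
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        // Iteration count and key length are assumptions chosen for this example.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                .generateSecret(spec).getEncoded();
        credentials.put(user, new byte[][] {salt, hash});
    }

    // The three entry points from the issue: create, admin configure, self configure.
    void createUser(String u, String p) throws GeneralSecurityException { store(u, p); }
    void adminConfigure(String u, String p) throws GeneralSecurityException { store(u, p); }
    void selfConfigure(String u, String p) throws GeneralSecurityException { store(u, p); }

    public static void main(String[] args) throws Exception {
        UserStore db = new UserStore(true);
        db.createUser("alice", "constructed-sample-pw");   // constructed value, 21 chars
        try {
            db.adminConfigure("alice", "thirteen-char");   // 13 chars, must be refused
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        db.selfConfigure("alice", "fourteen-chars");       // exactly 14 chars, accepted
        System.out.println("inline check: " + db.check("short"));
    }
}
```
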

          [JENKINS-74858] Missing password length validation for users in jenkins own database (In FIPS mode)

          Tejas created issue -
          Tejas made changes -
          Issue Type Original: Task [ 3 ] New: Bug [ 1 ]
          Tejas made changes -
          Description Original: 1. Go to Manage Jenkins > Security and make sure the Security Realm is “Jenkins' own user database”

          2. Go to Manage Jenkins > Users

          3. Click on Create User

          4. Add a new user with a short password (less than 14 characters)

          5. You don’t get the validation until you click the button → Validations should happen when losing the focus.

          Once it is created it is possible to update to a non-compliant password

          1. Go to Manage Jenkins > Users

          2. Configure an existing user

          3. Update the password with a short value (less than 14 characters)

          4. You don’t get a validation message → You should get the validation

          Click on the Save button → The password is updated

          NOTE: Another way of updating the password with a non-compliant value:

          1. Log in

          2. Go to User > Configure through the top menu

          3. Update the password with a short value (less than 14 characters)

          4. You don’t get a validation message → You should get the validation

          5. Click on the Save button → The password is updated

          Acceptance criteria
          Fix the error

          Make sure beescloud documentation is updated

          Note: ticket created as bug but it could be a task if we don’t want to add any release notes
          New: 1. Go to Manage Jenkins > Users

          2. Configure an existing user

          3. Update the password with a short value (less than 14 characters)

          4. You don’t get a validation message → You should get the validation

          Click on the Save button → The password is updated

          NOTE: Another way of updating the password with a non-compliant value:

          1. Log in

          2. Go to User > Configure through the top menu

          3. Update the password with a short value (less than 14 characters)

          4. You don’t get a validation message → You should get the validation

          5. Click on the Save button → The password is updated

          Acceptance criteria
          Fix the error

          Make sure beescloud documentation is updated

          Note: ticket created as bug but it could be a task if we don’t want to add any release notes
          Tejas made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Tejas made changes -
          Assignee New: Tejas [ tejas_drolia ]
          Tejas made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Tejas made changes -
          Link New: This issue is related to JENKINS-74918 [ JENKINS-74918 ]
          Tejas made changes -
          Remote Link New: This issue links to "OSS PR (Web Link)" [ 30254 ]
          Tejas made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Mark Waite made changes -
