Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7223

processSoftTokenReq method requires end entity profile to allow clear text password

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.14.1
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 18

      Description

      the method CertificateRequestSessionBean.processSoftTokenReq calls addOrEditUser with true for clearPwd. This is now needed and should not be used. Setting this to true requires the EE profile to allow clear text passwords, and you don't even want to allow that in security installations.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Mike Agrenius Kushner
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 1 hour
                  1h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h