Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-25238

Updating a user's password does not validate the administrator's current password.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Duplicate
    • 2.7.0
    • 2.7.4
    • None
    • None

    Description

      When updating a user's password as an Ambari Administrator via the UI, the acting administrator user is prompted for their password...

      The password is never validated by the backend to end sure it is correct for the acting user. To keep consistency with 2.6 line, the password of the acting user should be verified.

      The current implementation does require that if the acting user is not an Ambari Administrator user, the acting user may only change their own password and must supply their current password as well as the new password:

      Example: 

      curl -H "X-Requested-By:ambari"  -u user_a:hadoop -X PUT -d '{ "Users" : { "old_password" : "hadoop", "password" : "hadoop_1234" } }' http://localhost:8080/api/v1/users/user_a

      Attachments

        Issue Links

          Blocked

          Bug - A problem which impairs or prevents the functions of the product. AMBARI-25201 Updating a user's password does not validate the administrator's current password.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              bsari Balázs Bence Sári
              bsari Balázs Bence Sári
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: