accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Allen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-1720) Accumulo saves user passwords in the clear (including the root password) in Zookeeper
Date Wed, 18 Sep 2013 03:39:53 GMT
Michael Allen created ACCUMULO-1720:
---------------------------------------

             Summary: Accumulo saves user passwords in the clear (including the root password)
in Zookeeper
                 Key: ACCUMULO-1720
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1720
             Project: Accumulo
          Issue Type: Bug
          Components: tserver
    Affects Versions: 1.5.0
            Reporter: Michael Allen


In reviewing some of the security around users, it came to my attention that Accumulo stores
passwords within Zookeeper in the clear.  Grepping through Zookeeper's data files proves this
out (as does inspecting the code).

These passwords should be stored heavily salted and hashed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message