Closed Bug 555746 Opened 14 years ago Closed 14 years ago

Provide Support For Required Password Rotation for Users

Categories

(Bugzilla :: Administration, task)

task
Not set
normal

RESOLVED DUPLICATE of bug 284570

People

(Reporter: mcoates, Unassigned)

Issue:

Functionality is not present for an admin to define a password rotation policy which would require users to change their password after a defined number of days.

The risk is that a compromised password could be used indefinitely. There is also a minimal risk that an attacker could brute force a password each day subject to the account lockout control.

Recommended Resolution:

Provide support to allow a Bugzilla admin to define a password rotation policy for users. In addition, it would be beneficial if the policy could be customized per group - with a user bound by the most stringent rotation policy of all groups they are a member of.

See especially bug 284570 comment 3, which is what you are requesting here.

And this is neither a major issue nor a security bug.
Group: bugzilla-security
Severity: major → enhancement
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE