Provide Support For Required Password Rotation for Users

RESOLVED DUPLICATE of bug 284570

Status

Bugzilla
Administration
--
enhancement
8 years ago
8 years ago

People

(Reporter: mcoates, Unassigned)

Tracking

(Blocks: 1 bug)

Details

Issue:

Functionality is not present for an admin to define a password rotation policy which would require users to change their password after a defined number of days.

The risk is that a compromised password could be used indefinitely. There is also a minimal risk that an attacker could brute force a password each day subject to the account lockout control.

Recommended Resolution:

Provide support to allow a Bugzilla admin to define a password rotation policy for users. In addition, it would be beneficial if the policy could be customized per group - with a user bound by the most stringent rotation policy of all groups they are a member of.

Blocks: 555735

Comment 1

8 years ago
See especially bug 284570 comment 3, which is what you are requesting here.

And this is neither a major issue nor a security bug.
Group: bugzilla-security
Severity: major → enhancement
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 284570