Issue Number | 3878 |
---|---|
Summary | Improvements to https://cdr.cancer.gov login page |
Created | 2015-02-26 09:49:14 |
Issue Type | Improvement |
Submitted By | henryec |
Assigned To | Kline, Bob (NIH/NCI) [C] |
Status | Closed |
Resolved | 2015-03-19 14:36:45 |
Resolution | Won't Fix |
Path | /home/bkline/backups/jira/ocecdr/issue.155904 |

Currently, logging in with any username/password combination that is not recognized will take a user to the guest interface.

This was brought to our attention because the security scans detected it as a security vulnerability. Although we explained the interaction and Security agreed it was a false positive, we may want to consider making some changes to the interface in the future to avoid confusion. For example, create a button for guest login and give an error message when an unrecognized username/password combination is entered.

I am attaching a copy of the email thread I had with CBIIT Web Hosting about the issue.

This problem will disappear when the CDR security remediation patch rolls up the tiers, because the login page has been replaced by the Digest Authentication challenge dialog window.

File Name | Posted | User |
---|---|---|
RE Remediate Poor Password on CDR servers.txt | 2015-02-26 09:49:14 |