openbmc / openbmc-test-automation


Security: Test plan for Initial expired password #1946

Closed prkatti1 closed 12 months ago

prkatti1 commented 5 years ago

| S.No | Use Case | Results | Comments/Defects |
|------|----------|---------|------------------|
| | Behavior before changing the password | | |
| 1 | Redfish Login with correct username and password when expired-password feature is enabled | | Redfish interfaces should allow the password to be changed and should not allow access |
| 2 | Redfish Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 3 | GUI Login with correct username and password when expired-password feature is enabled | | GUI interfaces should allow the password to be changed and should not allow access |
| 4 | GUI Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 5 | SSH Login with correct username and password when expired-password feature is enabled | | SSH interfaces should allow the password to be changed and should not allow access |
| 6 | SSH Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 7 | IPMI Login with correct username and password when expired-password feature is enabled | | |
| 8 | IPMI Login with wrong username and password when expired-password feature is enabled | | |
| | Behavior after changing the password | | |
| 9 | Redfish Login with new username and password, it should allow the login and operations | | |
| 10 | Redfish Login with wrong username and password when expired-password feature is enabled | | |
| 11 | GUI Login with correct username and password, it should allow the login and operations | | |
| 12 | GUI Login with wrong username and password when expired-password feature is enabled | | |
| 13 | SSH Login with correct username and password, it should allow the login and operations | | |
| 14 | SSH Login with wrong username and password when expired-password feature is enabled | | |
| 15 | IPMI Login with correct username and password, it should allow the login and operations | | |
| 16 | IPMI Login with wrong username and password when expired-password feature is enabled | | |
| | Test cases after factory reset | | |
| 17 | Redfish Login with correct username and password when expired-password feature is enabled | | Redfish interfaces should allow the password to be changed and should not allow access |
| 18 | Redfish Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 19 | GUI Login with correct username and password when expired-password feature is enabled | | GUI interfaces should allow the password to be changed and should not allow access |
| 20 | GUI Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 21 | SSH Login with correct username and password when expired-password feature is enabled | | SSH interfaces should allow the password to be changed and should not allow access |
| 22 | SSH Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 23 | IPMI Login with correct username and password when expired-password feature is enabled | | |
| 24 | IPMI Login with wrong username and password when expired-password feature is enabled | | |
| | Behavior on code update after changing the password | | |
| 25 | Redfish Login with new username and password, it should allow the login and operations | | |
| 26 | Redfish Login with wrong username and password when expired-password feature is enabled | | |
| 27 | GUI Login with correct username and password, it should allow the login and operations | | |
| 28 | GUI Login with wrong username and password when expired-password feature is enabled | | |
| 29 | SSH Login with correct username and password, it should allow the login and operations | | |
| 30 | SSH Login with wrong username and password when expired-password feature is enabled | | |
| 31 | IPMI Login with correct username and password, it should allow the login and operations | | |
| 32 | IPMI Login with wrong username and password when expired-password feature is enabled | | |
| | Behavior on code update before changing the password | | |
| 33 | Redfish Login with correct username and password when expired-password feature is enabled | | Redfish interfaces should allow the password to be changed and should not allow access |
| 34 | Redfish Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 35 | GUI Login with correct username and password when expired-password feature is enabled | | GUI interfaces should allow the password to be changed and should not allow access |
| 36 | GUI Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 37 | SSH Login with correct username and password when expired-password feature is enabled | | SSH interfaces should allow the password to be changed and should not allow access |
| 38 | SSH Login with wrong username and password when expired-password feature is enabled | | Should throw authentication failure |
| 39 | IPMI Login with correct username and password when expired-password feature is enabled | | |
| 40 | IPMI Login with wrong username and password when expired-password feature is enabled | | |
| | IPMI related tests | | |
| 41 | Verify expired password is not allowed to change via IPMI | | |

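
An added example, not part of the original issue or the project's test suite: a small Python oracle for the Redfish rows of the plan (wrong credentials, expired password, changed password), applied to recorded request/response tuples. The phase labels, resource paths and sample exchanges are constructed; the 403 and `PasswordChangeRequired` expectations follow the Redfish specification's handling of expired passwords and are an assumption about how the feature surfaces on a given BMC build.

```python
# Each exchange is (phase, method, path, status, body_text); all sample data is constructed.
PCR = "PasswordChangeRequired"  # Redfish message key signalling an expired password
ACCOUNT = "/redfish/v1/AccountService/Accounts/root"  # assumed account resource
SESSIONS = "/redfish/v1/SessionService/Sessions"
# Constructed notice body; "X.Y" stands in for the registry version.
NOTICE = '{"@Message.ExtendedInfo":[{"MessageId":"Base.X.Y.PasswordChangeRequired"}]}'

def check_expired_password(exchanges, account_path):
    """Return the list of violations of the plan's Redfish expectations."""
    violations = []
    for phase, method, path, status, body in exchanges:
        session_post = method == "POST" and path.endswith("/SessionService/Sessions")
        if phase == "wrong_credentials":
            # Wrong credentials: should throw authentication failure.
            if status != 401:
                violations.append(f"wrong credentials got {status} on {method} {path}")
        elif phase == "expired":
            if session_post:
                # A session may be created, but only with the change-required notice.
                if status in (200, 201) and PCR not in body:
                    violations.append("session created without PasswordChangeRequired notice")
            elif path == account_path and method in ("GET", "PATCH"):
                # The password change path itself must stay open.
                if status >= 400:
                    violations.append(f"password change path blocked: {method} -> {status}")
            elif status != 403:
                # Everything else must be refused while the password is expired.
                violations.append(f"expired account reached {method} {path} ({status})")
        elif phase == "changed" and status >= 400:
            # After the change, login and operations should be allowed.
            violations.append(f"new password rejected on {method} {path} ({status})")
    return violations

GOOD_RUN = [  # constructed: behaviour the plan expects
    ("wrong_credentials", "POST", SESSIONS, 401, ""),
    ("expired", "POST", SESSIONS, 201, NOTICE),
    ("expired", "GET", "/redfish/v1/Systems", 403, NOTICE),
    ("expired", "PATCH", ACCOUNT, 200, ""),
    ("changed", "POST", SESSIONS, 201, ""),
    ("changed", "GET", "/redfish/v1/Systems", 200, "{}"),
]
BAD_RUN = [  # constructed: expired account is granted normal access
    ("expired", "POST", SESSIONS, 201, "{}"),
    ("expired", "GET", "/redfish/v1/Systems", 200, "{}"),
    ("wrong_credentials", "POST", SESSIONS, 201, "{}"),
]

if __name__ == "__main__":
    for name, run in (("GOOD_RUN", GOOD_RUN), ("BAD_RUN", BAD_RUN)):
        print(name, check_expired_password(run, ACCOUNT))
```
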
gkeishin commented 5 years ago

@joseph-reynolds can you take a look at these use cases and provide feedback?

gkeishin commented 5 years ago

@rahulmah can you also take a look at this plan?

rahulmah commented 5 years ago

@prkatti1 : Please find below test scenarios for testing expired password. I think you can include them.

Test first time BMC login.

  1. Login to BMC with default username and password (root/0penBmc).
  2. It will show a message that the default password is expired and ask you to enter a new password.
  3. Enter the new password with a minimum of 8 characters (New Password is now set and root user can log into BMC using new password).
  4. Login should work with this new password via GUI/Redfish/IPMI/SSH.

Test BMC login after factory reset

  1. Continue from previous test with new BMC password.
  2. Factory reset the BMC.
  3. After factory reset, BMC password will be reset to default password.
  4. Try to log in to BMC with default username and password (root/0penBmc).
  5. It will prompt you to provide a new password to set (try to provide it the same way as in the above test).

Test code update with expired design

  1. With an older build which did not have the "expired password" support, try to code-update to a newer build which has the "expired password" support.
  2. After successful code update, try to log into BMC with root username and older password.
  3. I guess it should prompt to provide a new password if the older password was less than 8 characters.

gtmills commented 4 years ago

@rahulmah Should not reference IBM internal releases out here.