JDK-8141612

no password required to list contents of keystore


    • Bug
    • Resolution: Not an Issue
    • P3
    • None
    • 8u66
    • tools
    • linux

      FULL PRODUCT VERSION :
      JDK/JRE 1.7.0.91, 1.6.0_105, 1.8.x

      ADDITIONAL OS VERSION INFORMATION :
      Redhat Linux X64 all

      A DESCRIPTION OF THE PROBLEM :
      Saving a custom keystore with a password functions properly; however, the command
      # keytool --list -keystore keystore
      prompts for a password (and requires the preset password),

      EXCEPT that entering NO PASSWORD also displays the content of the keystore!

      Import and delete functions still require the valid password.


      ADDITIONAL REGRESSION INFORMATION:
      unsure

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Create a keystore and assign a storepass to the keystore.

      Use the command keytool --list -keystore keystore
      and just hit Enter at the password prompt.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      That the password would be enforced to secure the keystore.
      ACTUAL -
      No password is required to list contents, which presents a security risk, data exposure, etc.

      REPRODUCIBILITY :
      This bug can be reproduced always.

            igerasim Ivan Gerasimov
            webbuggrp Webbug Group
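Why the listing succeeds with an empty password, as an added example (not part of the original report and not JDK code): in the JKS keystore format the store password only keys a trailing SHA-1 integrity digest, so the entry table can be parsed without it. This assumes the reported keystore is a JKS file, which the report does not state; the parser, `sample_store`, the `demo-ca` alias and the placeholder certificate bytes are constructed for illustration.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # constant the JKS format mixes into its digest

def _utf(buf, pos):  # Java writeUTF string: 2-byte length, then bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def _blob(buf, pos):  # 4-byte length, then bytes
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def _skip_cert(buf, pos):  # certificate = type string + encoded blob
    return _blob(buf, _utf(buf, pos)[1])[1]

def list_entries(store):  # note: no password parameter
    magic, _version, count = struct.unpack_from(">III", store, 0)
    if magic != MAGIC:
        raise ValueError("not a JKS keystore")
    pos, found = 12, []
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", store, pos)
        alias, pos = _utf(store, pos + 4)
        pos += 8  # creation timestamp
        if tag == 1:  # private key entry
            pos = _blob(store, pos)[1]  # encrypted key blob, skipped unread
            (chain,) = struct.unpack_from(">I", store, pos)
            pos += 4
            for _ in range(chain):
                pos = _skip_cert(store, pos)
        elif tag == 2:  # trusted certificate entry
            pos = _skip_cert(store, pos)
        else:
            raise ValueError("unknown entry tag")
        found.append((alias, "PrivateKeyEntry" if tag == 1 else "trustedCertEntry"))
    return found

def integrity_ok(store, storepass):  # the only place the store password is used
    keyed = storepass.encode("utf-16-be") + SALT + store[:-20]
    return hashlib.sha1(keyed).digest() == store[-20:]

def sample_store(storepass):  # constructed sample: one cert entry, placeholder bytes
    alias, ctype, der = b"demo-ca", b"X.509", b"\x30\x03\x02\x01\x01"
    body = struct.pack(">IIII", MAGIC, 2, 1, 2)
    body += struct.pack(">H", len(alias)) + alias + struct.pack(">q", 0)
    body += struct.pack(">H", len(ctype)) + ctype + struct.pack(">I", len(der)) + der
    return body + hashlib.sha1(storepass.encode("utf-16-be") + SALT + body).digest()
```

Private key material in a JKS file is encrypted separately under the key password; the alias and certificate listing has no confidentiality beyond the file's own permissions.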