共计 4286 个字符,预计需要花费 11 分钟才能阅读完成。
|
第一次碰到这种,请问是直接改登录密 Oracle 已发现影响 Oracle 云基础设施(OCI)标识服务的安全漏洞 CVE-2022-21503。由于此漏洞,对您的租赁中的 OCI 审核记录具有读取权限的管理员及其指定人员可能会以明文形式查看某些凭据。因此,必须在 2022 年 7 月 18 日之前更改用户的多个控制台 UI 密码: |
网友回复:
注册 : 感觉改密码这个行为挺危险的
comet: 你缺个图床
huanx: 登陆就要求改密码 18 号不改密码 登陆就不会提示改密码 而是密码错误 只能通过找回密码改 建议现在去改一下
浪听涛 : 谢谢!没床。。。
linjz: 每隔一段时间也会强制要求你改
comet: 好像不是每个号都受到影响
大侠饶命 : 去年八九月分注册的都改了两次了
gyjys43043: 恩,有很多账号改过,但都不是邮件提醒的
Ronin: 我的号是什么都找不到了,这破烂不用也罢,事实上,也一直没用,就在那吃灰 [[email protected] ~]# uptime 09:38:12 up 227 days, 18:26, 1 user, load average: 0.00, 0.00, 0.00 [[email protected] ~]# ifconfig enp0s3: flags=4163
comet: 几个吃灰号都收到了
注册 : 没找到改密码的地方,大佬指点一下?
注册 : 改密码的话 可能会封号吧
usufu: 一般都是登录强制要求改,收邮件是第一次
huanx: 那不会,不是经常有买卖帐号的么
comet: 改了就是,又不麻烦,除非你的账号非常多
comet: 感觉改密码这个行为挺危险的
快跑鸭 : 帐号十几个,有的邮箱都是新注册的,平时不登陆
huanx: 3 个号收到邮件,再等几天一波改
comet: 感谢提醒 马上安排~
abc.xyz: 没收到邮件让改密码,反倒是偶尔登上去后提示该密码
注册 : Rotate Credentials 说明: Oracle has identified security vulnerability CVE-2022-21503 that affected the Oracle Cloud Infrastructure (OCI) Identity service. As a result of this vulnerability, administrators and their designees with read-access to the OCI audit-records in your tenancy could have viewed some credentials in clear text. For this reason, several of your users’ console UI passwords must be changed by July 18, 2022: • When those users log in to the OCI console, the login process will prompt them to change their console passwords. • If any of those users does not log in to the OCI console by July 18, 2022, that user’s console password will expire. • Once a user’s console password has expired, that user cannot log in. The user can either reset that console password (if the user has a verified email-address) or ask an administrator to reset the user’s console password. • Once an expired console password has been reset, the user can log in to the OCI console and the login process will prompt the user to change the console password. How do I find the console passwords that must be changed? To find which credentials your users must change, use Cloud Shell in the Oracle Cloud Admin Console to run the tool that Oracle has provided. You can rerun this tool periodically to track your progress in rotating affected credentials. The benefit of using Cloud Shell is that Cloud Shell comes packaged with the necessary Python interpreter and dependencies required to run the script. Cloud Shell also performs authentication with no extra configuration. • Most administrators already have the necessary permissions to access Cloud Shell. They can click the Cloud Shell icon and type the command, “identity-audit-tool.” • If you have not already set up Cloud Shell, see the topic entitled “Using Cloud Shell” in the public documentation: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellgettingstarted.htm. Follow those instructions before running the command. The identity-audit-tool command scans your OCI tenancy for credentials that you must rotate and gives the following results: • If the tool encounters an error, the tool displays output that describes the error. • If the tool finds no credential that you must rotate, it prints one line: “Found no affected credential.” • If the tool finds at least one credential that you must rotate, the tool prints a line of output for each credential that you must rotate. The tool also writes output to a comma-separated-value (CSV) file called “audit.csv.” NOTE: The tool will overwrite any file named “audit.csv” in your home directory in CloudShell. The CSV file might be more convenient for analysis or for automated remediation. That CSV file contains a line of output for each credential that you must rotate. Each line of output includes values for the credential ID, credential type, credential status, user name, user OCID, and created date. If the script indicates that an audit report was written, you can download the output file “audit.csv” from Cloud Shell with the following steps: • From the Cloud Shell menu, click Download. • When the dialog box labeled “Download File” appears, enter the filename, such as “audit.csv.” Click the Download button. • When the File Transfers dialog indicates that the download of audit.csv is complete, you can use that file locally
注册 : 找了半天没找到在哪改密码。。。。没有 local password, oracleidentitycloudservice 的账户里面也没有改密码的地方。。。。
dole: 7 月 18 号还早还早。今天才改一个。
SayWhat13: 大佬在哪改密码 进去没找到入口
hchen: 那你就不要登录进去啊。门口不就有忘记密码吗?
dole: 是因为要合并登录网址的原因?
hchen: 十几个账号 难道要一个个改吗 :@
