Remove the generateHttpPassword capability
Remove the Generate HTTP Password capability because it exposes a
security vulnerability. Any user that is granted this capability
can modify an administrator's http password and impersonate the
admin user. Other reasons for removing this capability are that
the usage of it is inconsistent with the modifyAccount capability
and this capability encourages adding additional capabilities to
restrict permissions, which is not desired.
With this change only administrators are allowed to generate and
delete other users' http passwords.
The motivation behind this change is from comments in changes
Ib1971fad and If8296539.
Change-Id: Id907cc103591eed029fd08af700bb1bb6a618ff8
9 files changed
