[Openstack-security] [Bug 1320028] Re: libvirt volume.py's _run_iscsiadm function logs iscsi node.session.auth.password if debug
Russell Bryant
1320028 at bugs.launchpad.net
Wed Jul 23 21:04:33 UTC 2014
** Changed in: oslo
Status: Fix Committed => Fix Released
** Changed in: oslo
Milestone: None => juno-2
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1320028
Title:
libvirt volume.py's _run_iscsiadm function logs iscsi
node.session.auth.password if debug
Status in OpenStack Compute (Nova):
Fix Released
Status in Oslo - a Library of Common OpenStack Code:
Fix Released
Bug description:
If debug logging is enabled, the _run_iscsiadm function in volume.py
logs the iscsi node.session.auth.password in plain text.
2014-05-13 08:12:21.915 29013 DEBUG nova.virt.libvirt.volume [req-
d21bb680-feb9-4242-9d18-057af79d26e8 0
3112d0d7268b458bb5c997c33cd8a8c0] iscsiadm ('--op', 'update', '-n',
'node.session.auth.password', '-v', u'password'): stdout= stderr=
_run_iscsiadm /usr/lib/python2.7/site-
packages/nova/virt/libvirt/volume.py:248
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1320028/+subscriptions
More information about the Openstack-security
mailing list