If the config option is worthless, it's a mild usability issue, and we should drop it. Marking with the corresponding tag. ** Tags added: usability -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1666959 Title: ha_vrrp_auth_type defaults to PASS which is insecure Status in neutron: New Status in OpenStack Security Advisory: Won't Fix Bug description: With l3_ha enabled, ha_vrrp_auth_type defaults to PASS authentication: https://github.com/openstack/neutron/blob/b90ec94dc3f83f63bdb505ace1e4c272435c494b/neutron/conf/agent/l3/ha.py#L28 which according to http://louwrentius.com/configuring-attacking-and- securing-vrrp-on-linux.html is totally insecure because the VRRP password is transmitted in the clear. I'm not sure if this is currently a serious issue, since if the VRRP network is untrusted, maybe there are already bigger problems. But I thought it was worth reporting, at least. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1666959/+subscriptions