[Openstack-security] [Bug 1761538] Re: Cookie hash value displayed in rabbitmq logs
Jeremy Stanley
fungi at yuggoth.org
Thu Apr 5 17:45:33 UTC 2018
If this behavior is configurable or other mitigation can be devised, or
if it gets patched upstream in rabbitmq, then a security note (not
advisory) may be appropriate to let operators know about the risk and
what they can do.
--
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1761538
Title:
Cookie hash value displayed in rabbitmq logs
Status in OpenStack Identity (keystone):
New
Bug description:
ENabled rabbitmq debug and restarted the process. Found sensitive data
displayed in logs.
rabbitmq uses Erlang cookie concept where a cluster of nodes
communicates to each other. Any node that posses this secret cookie
can communicate with other nodes in the cluster.
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
stopped SSL Listener on [::]:5671
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
Stopped RabbitMQ application
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
Halting Erlang VM
=INFO REPORT==== 31-Mar-2018::03:29:54 ===
Starting RabbitMQ 3.6.6 on Erlang 19.1.1
Copyright (C) 2007-2016 Pivotal Software, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
=INFO REPORT==== 31-Mar-2018::03:29:54 ===
node : rabbit at ip9-114-192-221
home dir : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/rabbitmq.config
cookie hash : RVLZk6qSkQ471Dqtfk14wA==
log : /var/log/rabbitmq/rabbit at ip9-114-192-221.log
sasl log : /var/log/rabbitmq/rabbit at ip9-114-192-221-sasl.log
database dir : /var/lib/rabbitmq/mnesia/rabbit at ip9-114-192-221
=INFO REPORT==== 31-Mar-2018::03:29:57 ===
Memory limit set to 3876MB of 9690MB total.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1761538/+subscriptions
More information about the Openstack-security
mailing list