[Openstack-security] [Bug 1761054] Re: nova log expose password when swapvolume

OpenStack Infra 1761054 at bugs.launchpad.net
Wed Apr 18 21:28:45 UTC 2018


Reviewed:  https://review.openstack.org/559603
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=df90dfd5cdf76c65b8d8a539d79e384c82c8428c
Submitter: Zuul
Branch:    stable/queens

commit df90dfd5cdf76c65b8d8a539d79e384c82c8428c
Author: jichenjc <jichenjc at cn.ibm.com>
Date:   Wed Apr 4 13:26:01 2018 +0800

    Avoid showing password in log
    
    per bug indicated, the password is shown in the log.
    
    https://github.com/openstack/oslo.utils/blob/master/oslo_utils/strutils.py#L295
    indicated auth_password can be masked through mask_password method.
    
    Change-Id: I725eea1866642b40cc6b065ed0e8aefb91ca2889
    Closes-Bug: 1761054
    (cherry picked from commit 1b61d6c08c7c86834acab45320230824b88d529c)


** Tags added: in-stable-queens

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1761054

Title:
  nova log expose password when swapvolume

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  http://logs.openstack.org/50/557150/6/check/tempest-
  full/1f9c9f2/controller/logs/screen-n-cpu.txt.gz#_Mar_30_08_37_13_371323

  u'auth_password': u'8KigD3KKykJkJixs', u'auth_username':
  u'6m4wAHCZVqFfTQaF4eZu',

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1761054/+subscriptions




More information about the Openstack-security mailing list