[Openstack-security] [Bug 1231263] Fix proposed to nova (stable/havana)
OpenStack Infra
1231263 at bugs.launchpad.net
Fri Nov 1 17:04:15 UTC 2013
Fix proposed to branch: stable/havana
Review: https://review.openstack.org/54954
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1231263
Title:
Clear text password has been print in log by some API call
Status in OpenStack Compute (Nova):
Fix Committed
Bug description:
In current implementation, when perform some api call, like change server password, or rescue server, the password has been print in log in nova.
i.e:
2013-09-26 13:48:01.711 DEBUG routes.middleware [-] Match dict: {'action': u'action', 'controller': <nova.api.openstack.wsgi.Resource object at 0x46d09d0>, 'project_id': u'05004a24b3304cd9b55a0fcad08107b3', 'id': u'8c4a1dfa-147a-4f
f8-8116-010d8c346115'} from (pid=10629) __call__ /usr/local/lib/python2.7/dist-packages/routes/middleware.py:103
2013-09-26 13:48:01.711 DEBUG nova.api.openstack.wsgi [req-10ebd201-ba52-453f-b1ce-1e41fbef8cdd admin demo] Action: 'action', body: {"changePassword": {"adminPass": "1234567"}} from (pid=10629) _process_stack /opt/stack/nova/nova/api/openstack/wsgi.py:926
This is not secue which the password should be replaced by ***
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1231263/+subscriptions
More information about the Openstack-security
mailing list