[Openstack-security] [Bug 1549547] Re: LBaaS leaking password in DEBUG logs
OpenStack Infra
1549547 at bugs.launchpad.net
Tue Mar 1 19:57:13 UTC 2016
Reviewed: https://review.openstack.org/285524
Committed: https://git.openstack.org/cgit/openstack/neutron-lbaas/commit/?id=58e78d50136d7ac498faaace53f52e26b7164a2f
Submitter: Jenkins
Branch: stable/liberty
commit 58e78d50136d7ac498faaace53f52e26b7164a2f
Author: James Arendt <james.arendt at hp.com>
Date: Wed Feb 24 16:23:45 2016 -0800
Neutron LBaaS leaking admin_password into logs
Current code leaks the keystone admin_password in the cfg
into log files.
Example from DevStack q-svc.log:
service_auth.admin_password = password
Issue is that the cfg.StrOpt for admin_password did not set
'secret=True", which would give:
service_auth.admin_password = ****
Change-Id: I24410641ad48b2e86984b383b144e29478a94344
Closes-Bug: #1549547
(cherry picked from commit 182dd4238f6f9c3f238fe4aba8017437a52d3a7b)
** Tags added: in-stable-liberty
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1549547
Title:
LBaaS leaking password in DEBUG logs
Status in neutron:
New
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
Current code leaks the keystone admin_password in the cfg into log
files:
Example from DevStack q-svc.log:
[00;32mDEBUG oslo_service.service [^[[00;36m-^[[00;32m] ^[[01;35m^[[00;32mservice_auth.admin_password = password
Issue is that the cfg.StrOpt for admin_password did not set 'secret=True", which would give:
service_auth.admin_password = ****
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1549547/+subscriptions
More information about the Openstack-security
mailing list