[Openstack-security] [Bug 1639032] Re: Hardcoded password sent plaintext
Jeremy Stanley
fungi at yuggoth.org
Thu Feb 2 20:49:53 UTC 2017
** Description changed:
- This issue is being treated as a potential security risk under embargo.
- Please do not make any public mention of embargoed (private) security
- vulnerabilities before their coordinated publication by the OpenStack
- Vulnerability Management Team in the form of an official OpenStack
- Security Advisory. This includes discussion of the bug or associated
- fixes in public forums such as mailing lists, code review systems and
- bug trackers. Please also avoid private disclosure to other individuals
- not already approved for access to this information, and provide this
- same reminder to those who are made aware of the issue prior to
- publication. All discussion should remain confined to this private bug
- report, and any proposed fixes should be added to the bug as
- attachments.
-
In cinder/volume/drivers/nexenta/utils.py:103 there is a hardcoded
password. This password is then used in
cinder/volume/drivers/nexenta/iscsi.py and
cinder/volume/drivers/nexenta/nfs.py.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1639032
Title:
Hardcoded password sent plaintext
Status in Cinder:
Invalid
Status in OpenStack Security Advisory:
Invalid
Bug description:
In cinder/volume/drivers/nexenta/utils.py:103 there is a hardcoded
password. This password is then used in
cinder/volume/drivers/nexenta/iscsi.py and
cinder/volume/drivers/nexenta/nfs.py.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1639032/+subscriptions
More information about the Openstack-security
mailing list