Fix proposed to branch: master Review: https://review.openstack.org/434508 -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1575909 Title: VPN shared PSK shown in plaintext Status in OpenStack Dashboard (Horizon): New Status in OpenStack Security Advisory: Won't Fix Bug description: In the neutron VPN details and form, https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/vpn/templates/vpn/_ipsecsiteconnection_details.html#L43 and https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/vpn/forms.py#L249 don't offer the option of hiding the string. Typically sensitive information like passwords is hidden by default, requiring the user to explicitly choose to make it visible by clicking an icon (like the eye icon). Filing this as a security bug out of an overabundance of caution; while it is related to security it doesn't describe a vulnerability that can be exploited by means other than shoulder surfing. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1575909/+subscriptions