Barbican

  1. Bug #1637115
  2. Activity log

Activity log for bug #1637115

Date Who What changed Old value New value Message
2016-10-27 08:46:55 Robert Clark bug added bug
2016-10-27 08:47:34 Robert Clark description From https://review.openstack.org/#/c/357978 1. Modification of ACLs in barbian database could compromise all secrets ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Risk: barbican has a feature that allows a tenant to grant another tenant access to a secret. This is controlled via a tenant mapping table within the barbican database. The implied security model of the barbican database (when running with PCKS#11) is that all cryptographic operations are performed in the HSM, a confidentiality or integrity breach of the database will not directly result in secrets being compromised. However if an attacker was able to modify the ACL mapping, they could grant a tenant access to any/all secrets stored in the HSM. Once the mapping is manipulated the attacker could retrieve secrets using the normal barbican API. - Impact: All secrets stored in barbican are exposed. - Likelihood: Medium - Impact: High - Overall Risk Rating: High - Bug: <link to launchpad bug for this finding> - Recommendation: Provide deployment guidance requiring strong controls securing access to the barbican database. From https://review.openstack.org/#/c/357978 1. Modification of ACLs in barbian database could compromise all secrets ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Risk: barbican has a feature that allows a tenant to grant another tenant access to a secret. This is controlled via a tenant mapping table within the barbican database. The implied security model of the barbican database (when running with PCKS#11) is that all cryptographic operations are performed in the HSM, a confidentiality or integrity breach of the database will not directly result in secrets being compromised. However if an attacker was able to modify the ACL mapping, they could grant a tenant access to any/all secrets stored in the HSM. Once the mapping is manipulated the attacker could   retrieve secrets using the normal barbican API. - Impact: All secrets stored in barbican are exposed. - Likelihood: Medium - Impact: High - Overall Risk Rating: High - Bug: <link to launchpad bug for this finding> - Recommendation: Provide deployment guidance requiring strong controls   securing access to the barbican database.
2017-02-23 20:34:52 Dave McCowan barbican: status New Triaged
2017-02-23 20:34:55 Dave McCowan barbican: importance Undecided High
2023-04-25 11:04:05 Grzegorz Grasza barbican: status Triaged Won't Fix