When Keystone is in DEBUG mode, passwords are printed in clear text in keystone.log
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Confirmed | Medium | Unassigned | |
Bug Description
Scenario:
=========
1. Set Keystone to DEBUG Mode:
a. Change: debug = True in /etc/keystone/
b. Restart keystone: service openstack-keystone restart
2. tail -f /var/log/
3. Log in to OpenStack via Dashboard.
Result:
=======
1. You'll see the password in clear text:
2012-09-13 11:48:33 DEBUG [keystone.
2012-09-13 11:48:33 DEBUG [keystone.
2012-09-13 11:48:33 DEBUG [keystone.
2012-09-13 11:48:33 DEBUG [keystone.
(Reproduced several times 100% reproducible)
Attached logs:
compute.log
security vulnerability: yes → no
visibility: private → public
Looks like Keystone should borrow Nova's log scrubbing feature.
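
One way to scrub password values before a DEBUG record reaches the log file, in the spirit of the log scrubbing mentioned in the comment above. This is an added example, not Keystone's or Nova's code; the key names, the logger name and the sample request body are assumptions constructed for illustration.

```python
import io
import logging
import re

# Matches "password": "value" or 'password': 'value' (incl. u'...' reprs) in a
# logged request body. The key names are assumptions for this example.
_SECRET_KV = re.compile(
    r"""(?P<key>u?(?P<kq>["'])(?:password|adminPass|admin_pass)(?P=kq)\s*:\s*)"""
    r"""u?(?P<vq>["'])(?:\\.|(?!(?P=vq))[^\\])*(?P=vq)""",
    re.IGNORECASE,
)


def mask_secrets(text, mask="***"):
    """Return text with the values of password-like keys replaced by mask."""
    return _SECRET_KV.sub(
        lambda m: m.group("key") + m.group("vq") + mask + m.group("vq"), text)


class SecretMaskingFilter(logging.Filter):
    """Scrub password values from a record before the handler formats it."""

    def filter(self, record):
        # Render msg % args first so secrets passed as arguments are caught too.
        record.msg = mask_secrets(record.getMessage())
        record.args = ()
        return True


def demo():
    """Log a constructed auth request body at DEBUG and return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler, not a logger: logger-level filters are skipped
    # for records that arrive from child loggers.
    handler.addFilter(SecretMaskingFilter())
    log = logging.getLogger("example.auth")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    # Constructed sample body, not taken from the bug's truncated log lines.
    body = {"auth": {"passwordCredentials":
                     {"username": "demo", "password": "s3cr3t"}}}
    log.debug("request body: %s", body)
    log.removeHandler(handler)
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

Pattern-based masking only covers the key names it lists, so it complements, rather than replaces, not logging request bodies that carry credentials.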