Security: user can see password for services of admin

Bug #1230505 reported by Timur Nurlygayanov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Murano | Fix Released | Critical | Unassigned |

Bug Description

*Steps To Reproduce*

1. Get valid X-Auth-Token with admin rules
2. Via REST API: Create environment, create session, create any service, deploy session
3. Get valid X-Auth-Token with user rules
4. Get deployments info (http://ip:8082/environments/env_id/deployments)

*Observed result*
In the response, the user can find the password for services of admin:
{code}{u'deployments': [{u'updated':....., u'services': [u'adminPassword': u'P@ssw0rd', u'credentials': {u'username': u'Administrator', u'password': u'P@ssw0rd', .....}, ....}]}{code}
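
A regression check for the exposure reported above, as an added example that is not part of the original report and not Murano's code or fix: it walks a decoded deployments response, lists every field that still carries a secret, and applies a masking pass to the same structure. The marker list, the `MASK` value and the shape of the sample response are assumptions modelled on the output quoted in the report.

```python
import json

# Assumption: a field is secret-bearing if its key contains one of these
# markers (case-insensitive). "password" covers both keys seen in the report.
SECRET_MARKERS = ("password",)
MASK = "*****"  # constructed placeholder value

def _is_secret(key):
    return any(marker in key.lower() for marker in SECRET_MARKERS)

def find_secret_paths(node, path=""):
    """Return the path of every unmasked, non-empty secret-like leaf field."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                hits += find_secret_paths(value, child)
            elif _is_secret(key) and value not in (None, "", MASK):
                hits.append(child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits += find_secret_paths(item, f"{path}[{index}]")
    return hits

def redact(node):
    """Return a copy of the structure with secret-like leaf values masked."""
    if isinstance(node, dict):
        return {key: MASK if _is_secret(key) and not isinstance(value, (dict, list))
                else redact(value)
                for key, value in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node

# Constructed sample: only the fields visible in the quoted response,
# with the elided parts left out.
SAMPLE = {"deployments": [{"services": [{
    "adminPassword": "P@ssw0rd",
    "credentials": {"username": "Administrator", "password": "P@ssw0rd"},
}]}]}

if __name__ == "__main__":
    for leaked in find_secret_paths(SAMPLE):
        print("secret exposed at:", leaked)
    print(json.dumps(redact(SAMPLE), indent=2))
```
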

Changed in murano:
importance: Undecided → Critical
status: New → Fix Committed
summary: - Security: user can see password for services of admin
+ Launchpad Bug #1230505: Security: user can see password for services of
+ admin
Changed in murano:
status: Fix Committed → Fix Released
summary: - Launchpad Bug #1230505: Security: user can see password for services of
- admin
+ Security: user can see password for services of admin
Changed in murano:
milestone: none → 0.2.1