Clear text password has been printed in log by some API call

Bug #1231263 reported by GuoHui Liu
Affects                    Status        Importance  Assigned to              Milestone
OpenStack Compute (nova)   Fix Released  Medium      Davanum Srinivas (DIMS)
  Havana                   Fix Released  Medium      Matt Riedemann

Bug Description

In the current implementation, when performing some API calls, like change server password or rescue server, the password is printed in the nova log.
i.e:

2013-09-26 13:48:01.711 DEBUG routes.middleware [-] Match dict: {'action': u'action', 'controller': <nova.api.openstack.wsgi.Resource object at 0x46d09d0>, 'project_id': u'05004a24b3304cd9b55a0fcad08107b3', 'id': u'8c4a1dfa-147a-4ff8-8116-010d8c346115'} from (pid=10629) __call__ /usr/local/lib/python2.7/dist-packages/routes/middleware.py:103
2013-09-26 13:48:01.711 DEBUG nova.api.openstack.wsgi [req-10ebd201-ba52-453f-b1ce-1e41fbef8cdd admin demo] Action: 'action', body: {"changePassword": {"adminPass": "1234567"}} from (pid=10629) _process_stack /opt/stack/nova/nova/api/openstack/wsgi.py:926

This is not secure; the password should be replaced by ***

Tags: api security
GuoHui Liu (guohliu)
information type: Private Security → Public
Changed in nova:
assignee: nobody → GuoHui Liu (guohliu)
Thierry Carrez (ttx)
information type: Public → Public Security
Changed in ossa:
status: New → Incomplete
Thierry Carrez (ttx) wrote :

Looks a lot like bug 915025, but apparently that only covered compute node logs...

GuoHui Liu (guohliu)
tags: added: api
Thierry Carrez (ttx) wrote :

Presence of passwords in debug logs should definitely be fixed, but was not treated as a vulnerability warranting the publication of an OSSA in the past. Let's get this fixed in havana.

no longer affects: ossa
tags: added: security
tags: added: havana-rc-potential
information type: Public Security → Public
Robert Clark (robert-clark) wrote :

I know that my own, and some other orgs filter the logs. Do you think an OSSN is warranted for this?

Thierry Carrez (ttx) wrote :

@Rob: we didn't issue one for past "DEBUG logs in past versions might contain sensitive information" issues... Your call :)

Davanum Srinivas (DIMS) (dims-v) wrote :
Changed in nova:
assignee: GuoHui Liu (guohliu) → Davanum Srinivas (DIMS) (dims-v)
status: New → In Progress
Changed in nova:
importance: Undecided → Medium
Thierry Carrez (ttx)
tags: added: havana-backport-potential
removed: havana-rc-potential
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/49664
Committed: http://github.com/openstack/nova/commit/c6d82083295e9b1b42f22d3a2d25a1ab7d341a13
Submitter: Jenkins
Branch: master

commit c6d82083295e9b1b42f22d3a2d25a1ab7d341a13
Author: Davanum Srinivas <email address hidden>
Date: Thu Oct 3 22:28:58 2013 -0400

    Sanitize passwords when logging payload in wsgi

    adminPass (or admin_pass) can be either part of a json object or
    an xml element or xml attribute. The patch includes
    regexps to support all these cases and adds tests
    as well

    Change-Id: Ic119f986a03863c1d13b566b4c005f3bc77d83d0
    Closes-Bug: 1231263

Changed in nova:
status: In Progress → Fix Committed
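The leak in the bug description and the three textual forms the commit message lists (JSON member, XML element, XML attribute) can be illustrated together. What follows is an added example written for this report; it is not nova's code and not the patch referenced above. The key names adminPass/admin_pass are the ones the commit message names; the mask string, the helper names (sanitize, log_body, find_leaks) and every sample payload and log line are assumptions constructed for the example.

```python
"""Mask adminPass / admin_pass values in a request body before it is logged.

Added example for this bug report, not nova's code. The three textual forms
covered (JSON member, XML element, XML attribute) come from the commit message;
the mask string, helper names and all sample payloads are assumptions.
"""
import re

SENSITIVE_KEYS = ("adminPass", "admin_pass")   # from the commit message
MASK = "****"                                   # assumed mask string


def _build_patterns(keys):
    """Compile one (regex, replacement) pair per key and textual form."""
    pairs = []
    for key in keys:
        k = re.escape(key)
        # JSON member or Python repr:  "adminPass": "x"   /   u'adminPass': u'x'
        # Group 2 is the opening quote; the body accepts backslash escapes so a
        # value containing an escaped quote is masked as a whole.
        pairs.append((
            re.compile(r'(["\']%s["\']\s*:\s*u?)(["\'])(?:\\.|(?!\2).)*\2' % k),
            r'\g<1>\g<2>' + MASK + r'\g<2>'))
        # XML element:  <adminPass>x</adminPass>  (attributes on the tag allowed)
        pairs.append((
            re.compile(r'(<%s(?:\s[^>]*)?>).*?(</%s\s*>)' % (k, k), re.DOTALL),
            r'\g<1>' + MASK + r'\g<2>'))
        # XML attribute:  adminPass="x"  /  admin_pass='x'
        pairs.append((
            re.compile(r'(\b%s\s*=\s*)(["\'])(?:(?!\2).)*\2' % k),
            r'\g<1>\g<2>' + MASK + r'\g<2>'))
    return pairs


_PATTERNS = _build_patterns(SENSITIVE_KEYS)


def sanitize(text):
    """Return text with every sensitive value replaced by MASK.

    Works on the serialized body, so the same call covers JSON and XML.
    """
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def log_body(action, body):
    """Format the payload the way the leaky debug line in this report does,
    but run the body through sanitize() first."""
    return "Action: %r, body: %s" % (action, sanitize(body))


def find_leaks(lines):
    """Return the lines of an already-written log that still carry a raw value
    (useful for checking logs produced before the fix was deployed)."""
    return [line for line in lines if sanitize(line) != line]


# Constructed sample log. The first line carries the payload quoted in this
# report; the second is already masked; the third is an XML-attribute form.
SAMPLE_LOG = [
    'Action: \'action\', body: {"changePassword": {"adminPass": "1234567"}}',
    'Action: \'action\', body: {"rescue": {"adminPass": "****"}}',
    'Action: \'action\', body: <changePassword adminPass="s3cret"/>',
]

if __name__ == "__main__":
    print(log_body("action", '{"changePassword": {"adminPass": "1234567"}}'))
    print(log_body("action", "<rescue><adminPass>r3scu3</adminPass></rescue>"))
    for leak in find_leaks(SAMPLE_LOG):
        print("still leaks:", leak)
```

Masking the serialized text at the single point where the body is logged is what lets one routine cover JSON and XML alike, but it is a denylist: a password field under any other name passes through until its key is added to SENSITIVE_KEYS, and nothing here helps with logs that were written before the fix, which is where a post-hoc scan such as find_leaks (or the log filtering Robert Clark mentions below) comes in.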
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/havana)

Fix proposed to branch: stable/havana
Review: https://review.openstack.org/54954

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/havana)

Reviewed: https://review.openstack.org/54954
Committed: http://github.com/openstack/nova/commit/5a385f23101dc99e0bc97975e664d3ef242888d3
Submitter: Jenkins
Branch: stable/havana

commit 5a385f23101dc99e0bc97975e664d3ef242888d3
Author: Davanum Srinivas <email address hidden>
Date: Thu Oct 3 22:28:58 2013 -0400

    Sanitize passwords when logging payload in wsgi

    adminPass (or admin_pass) can be either part of a json object or
    an xml element or xml attribute. The patch includes
    regexps to support all these cases and adds tests
    as well

    Change-Id: Ic119f986a03863c1d13b566b4c005f3bc77d83d0
    Closes-Bug: 1231263
    (cherry picked from commit c6d82083295e9b1b42f22d3a2d25a1ab7d341a13)

tags: added: in-stable-havana
Changed in nova:
milestone: none → icehouse-1
Thierry Carrez (ttx)
Changed in nova:
status: Fix Committed → Fix Released
Alan Pevec (apevec)
tags: removed: havana-backport-potential in-stable-havana
Thierry Carrez (ttx)
Changed in nova:
milestone: icehouse-1 → 2014.1