Password visible in clear text in keystone.log when user created and keystone debug logging is enabled
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Bandit | Won't Fix | Wishlist | Unassigned | |
| OpenStack Identity (keystone) | Fix Released | Medium | Brant Knudson | |
| Juno | Fix Released | Medium | Brant Knudson | |
| Kilo | Fix Released | Medium | Brant Knudson | |
| OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
```
grep CLEARTEXTPASSWORD keystone.log
2015-06-16 06:44:39.770 20986 DEBUG keystone.
```

Issue code: https:/

```python
LOG.
    'action': action,
    'kwargs': ', '.join(['%s=%s' % (k, kwargs[k]) for k in kwargs])})
```
Shadowing the values of sensitive fields like 'password' with some meaningless garbled text like "XXXXX" is one way to fix it.

Well, in addition to this, I think we should never pass the 'password' in its original value through the code or save it in any persistence; instead we should convert it to a strong hash value as early as possible. With the help of a good hash system, we never need the original value of the password, right?
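The following is an added example, not Keystone's code and not the fix Brant Knudson landed. It places the reporter's vulnerable pattern (every keyword argument, password included, joined into a debug message) beside a hardened version that masks sensitive keys, including nested ones such as `user['password']`, before the message is ever formatted, and adds a small scanner that does what the reporter's `grep` did: find password fields in log lines whose value is not the mask. The function names, the `SENSITIVE_KEYS` list, the `'***'` mask and the sample log lines are all assumptions constructed for this example.

```python
"""Added example: keep cleartext passwords out of debug logs.

Not Keystone's code. `format_rbac_debug*`, `mask_sensitive`,
`find_cleartext_passwords`, SENSITIVE_KEYS and MASK are hypothetical.
"""
import logging
import re

LOG = logging.getLogger(__name__)

# Keys whose values must never reach a log record (assumed list).
SENSITIVE_KEYS = frozenset({'password', 'secret', 'token', 'auth_key'})
MASK = '***'


def format_rbac_debug_unsafe(action, kwargs):
    """Vulnerable: mirrors the pattern quoted in the bug report.

    Every keyword argument is serialised into the message, so a user
    dict carrying 'password' lands in keystone.log verbatim whenever
    debug logging is on. Keys are sorted here only for stable output.
    """
    return 'RBAC: Authorizing %(action)s(%(kwargs)s)' % {
        'action': action,
        'kwargs': ', '.join('%s=%s' % (k, kwargs[k]) for k in sorted(kwargs))}


def mask_sensitive(data, sensitive_keys=SENSITIVE_KEYS, mask=MASK):
    """Return a copy of `data` with sensitive values replaced by `mask`.

    Recurses into dicts, lists and tuples so a password nested inside
    user={'password': ...} is masked as well. Key matching is
    case-insensitive and the input is never mutated.
    """
    if isinstance(data, dict):
        return {k: (mask if str(k).lower() in sensitive_keys
                    else mask_sensitive(v, sensitive_keys, mask))
                for k, v in data.items()}
    if isinstance(data, (list, tuple)):
        return type(data)(mask_sensitive(v, sensitive_keys, mask) for v in data)
    return data


def format_rbac_debug(action, kwargs):
    """Hardened: mask first, then format.

    The cleartext never becomes part of a log message, so the outcome no
    longer depends on the configured log level.
    """
    masked = mask_sensitive(kwargs)
    return 'RBAC: Authorizing %(action)s(%(kwargs)s)' % {
        'action': action,
        'kwargs': ', '.join('%s=%s' % (k, masked[k]) for k in sorted(masked))}


# Matches password=VALUE and 'password': 'VALUE' forms in a log line.
_PASSWORD_FIELD = re.compile(r"'?password'?[=:]\s*'?(?P<value>[^,'\")\s]+)")


def find_cleartext_passwords(log_lines, mask=MASK):
    """Detection counterpart of the reporter's grep.

    Returns (line_number, value) for every password field whose value is
    not the mask, so a log file can be audited for leaks after a deploy.
    """
    hits = []
    for number, line in enumerate(log_lines, 1):
        for match in _PASSWORD_FIELD.finditer(line):
            if match.group('value') != mask:
                hits.append((number, match.group('value')))
    return hits


if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)
    # Constructed request, modelled on a "create user" call.
    request = {'user_id': 'u1',
               'user': {'name': 'alice', 'password': 'CLEARTEXTPASSWORD'}}
    LOG.debug(format_rbac_debug_unsafe('create_user', request))  # leaks it
    LOG.debug(format_rbac_debug('create_user', request))         # masked
    # Constructed log lines (not from a real keystone.log) run past the scanner.
    lines = ['2015-06-16 06:44:39.770 20986 DEBUG example.module '
             + format_rbac_debug_unsafe('create_user', request),
             '2015-06-16 06:44:39.771 20986 DEBUG example.module '
             + format_rbac_debug('create_user', request)]
    print(find_cleartext_passwords(lines))
```

Masking before formatting is the robust order: once the cleartext has been interpolated into a message string, any handler, formatter or log shipper downstream can persist it. oslo.utils provides `strutils.mask_password` and `strutils.mask_dict_password` for the same purpose in OpenStack services; the hand-rolled `mask_sensitive` above exists only so the example runs offline.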
Activity log

description: updated

Changed in keystone:
    status: Confirmed → In Progress

tags: added: kilo-backport-potential

tags: removed: keystone kilo-backport-potential

Changed in keystone:
    milestone: none → liberty-2
    status: Fix Committed → Fix Released

Changed in keystone:
    milestone: liberty-2 → 8.0.0
The OpenStack VMT currently considers (based on existing precedent) disclosure of sensitive information in debug-level logging a security hardening opportunity, and does not issue security advisories for it. This is class D in our report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy