Security weakness related to memcached
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | In Progress | Undecided | Carmen Rata |
Bug Description
Brief Description
-----------------
Memcached security weakness allows for acquiring a keystone token and using it to get access to StarlingX web access as sysadmin.
At controller (localhost), one can obtain a token by dumping memcached with memcached_dump.
External host can get the token by accessing the Host IP and port.
The container of the host can also get the token by accessing its host IP and port (w/o root privileges).
Severity
--------
Major
Steps to Reproduce
------------------
1. Use "memcached_dump" to obtain the authentication token.
2. Access StarlingX web with the token.
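The steps above rely on memcached handing its keys to any client that can reach the port. The following audit script, added here as an example and not part of the bug report or of StarlingX, does the same thing as the memcached_dump step so an operator can confirm exposure from the controller, from an external host, or from a container: it asks memcached for its slab ids with "stats items", lists the keys in each slab with "stats cachedump <slab> 0", and flags key names that look like cached tokens. The sample server replies, the key names in them, the "token" naming heuristic and the port 11211 are all constructed assumptions for the offline run; only the protocol commands and reply formats are real memcached behaviour.

```python
"""Check whether a memcached instance exposes its keys (and so cached keystone
tokens) to an unauthenticated client that can reach the port."""
import re
import socket
from typing import Callable, Dict, List, Tuple

# Regexes for the memcached text protocol replies as a real server sends them.
SLAB_COUNT_RE = re.compile(r"^STAT items:(\d+):number (\d+)$")
CACHEDUMP_ITEM_RE = re.compile(r"^ITEM (\S+) \[(\d+) b; (\d+) s\]$")

# Heuristic for authentication material. "token" in the key name is an
# assumption about how keystone/oslo.cache name entries, not a format the
# bug report states.
SENSITIVE_KEY_RE = re.compile(r"token", re.IGNORECASE)


def parse_slab_ids(stats_items: str) -> List[int]:
    """Return the slab ids that currently hold at least one item."""
    slabs = []
    for line in stats_items.splitlines():
        m = SLAB_COUNT_RE.match(line.strip())
        if m and int(m.group(2)) > 0:
            slabs.append(int(m.group(1)))
    return slabs


def parse_cachedump(dump: str) -> List[Tuple[str, int]]:
    """Return (key, size_in_bytes) for each ITEM line of a cachedump reply."""
    items = []
    for line in dump.splitlines():
        m = CACHEDUMP_ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), int(m.group(2))))
    return items


def dump_keys(send: Callable[[str], str]) -> List[Tuple[str, int]]:
    """List every key memcached will hand out over the given transport."""
    keys = []
    for slab in parse_slab_ids(send("stats items")):
        # A limit of 0 asks for every key in the slab.
        keys.extend(parse_cachedump(send(f"stats cachedump {slab} 0")))
    return keys


def sensitive_keys(keys: List[Tuple[str, int]]) -> List[str]:
    """Keys whose names suggest cached authentication tokens."""
    return [k for k, _ in keys if SENSITIVE_KEY_RE.search(k)]


def audit(send: Callable[[str], str]) -> Dict[str, object]:
    """Run the dump and summarise what an unauthenticated client can see."""
    keys = dump_keys(send)
    return {"total_keys": len(keys), "sensitive": sensitive_keys(keys)}


def memcached_command(host: str, port: int, command: str, timeout: float = 3.0) -> str:
    """Send one text-protocol command to a live memcached and return the reply.

    Point this at the controller host IP and port from an external host or a
    container to reproduce the exposure the bug report describes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(command.encode() + b"\r\n")
        reply = b""
        while not (reply.endswith(b"END\r\n") or reply.endswith(b"ERROR\r\n")):
            chunk = sock.recv(65536)
            if not chunk:
                break
            reply += chunk
        return reply.decode(errors="replace")


# Constructed sample replies standing in for a live server so the audit logic
# runs offline. Not captured from a StarlingX controller; key names are made up.
SAMPLE_STATS_ITEMS = (
    "STAT items:3:number 2\r\n"
    "STAT items:3:age 120\r\n"
    "STAT items:9:number 0\r\n"
    "STAT items:12:number 1\r\n"
    "END\r\n"
)
SAMPLE_CACHEDUMP: Dict[int, str] = {
    3: ("ITEM keystone.token.abcdef0123 [512 b; 1700000000 s]\r\n"
        "ITEM keystone.catalog.region1 [96 b; 1700000000 s]\r\n"
        "END\r\n"),
    12: "ITEM some.other.entry [32 b; 1700000000 s]\r\nEND\r\n",
}


def sample_send(command: str) -> str:
    """Fake transport that answers from the constructed samples above."""
    if command == "stats items":
        return SAMPLE_STATS_ITEMS
    m = re.match(r"stats cachedump (\d+) 0", command)
    if m:
        return SAMPLE_CACHEDUMP.get(int(m.group(1)), "END\r\n")
    return "ERROR\r\n"


if __name__ == "__main__":
    # Offline run. For a live check use, for example (assumed address and port):
    #   audit(lambda c: memcached_command("<controller-ip>", 11211, c))
    print(audit(sample_send))
```

Any key this returns is readable by whoever can reach the port, whatever the name; the "sensitive" list only narrows the output to entries worth inspecting first. On newer memcached builds "stats cachedump" is capped in output size and "lru_crawler metadump all" is the fuller listing, so an empty result from cachedump alone does not prove the cache is safe. The hardened state the report asks for is a connection that is refused, or answered with a SASL error, from the external host and the container.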
Expected Behavior
------------------
Authentication token should not be exposed in clear text. It should be encrypted or not accessible.
Actual Behavior
----------------
Authentication token is exposed.
Reproducibility
---------------
Not 100% reproducible, some servers have the issue, some do not.
Changed in starlingx:
assignee: nobody → Carmen Rata (crata)
information type: Public → Public Security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/stx-puppet/+/902309