OpenStack Compute (nova)

Password Generation (in)security

Bug #732277 reported by justinsb
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
justinsb
OpenStack Compute (nova) 2011.2 "cactus"

Bug Description

utils.generate_password does not generate a secure password, but it is used as if it did.

Interestingly, xvp.py has a generate_password function that calls the (much more) secure os.urandom function.

We should probably replace the function in utils with xvp's, and have xvp use utils.

Related branches

lp:~justin-fathomdb/nova/bug732277
Devin Carlen (community): Approve
Soren Hansen (community): Approve
Diff: 63 lines (+19/-11)
3 files modified
nova/console/manager.py (+1/-1)
nova/console/xvp.py (+0/-4)
nova/utils.py (+18/-6)
Thierry Carrez (ttx)
Changed in nova:
importance: Undecided → Medium
status: New → Triaged
Revision history for this message
justinsb (justin-fathomdb) wrote :

Grabbing this bug because it 'bugs' me...

Changed in nova:
assignee: nobody → justinsb (justin-fathomdb)
Thierry Carrez (ttx)
Changed in nova:
status: Triaged → In Progress
Thierry Carrez (ttx)
Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → 2011.2
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.