passwords in config files stored in plaintext
Bug #1158328 reported by
Stuart Stent
This bug affects 7 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Won't Fix
|
Wishlist
|
Unassigned | ||
OpenStack Compute (nova) |
Won't Fix
|
Wishlist
|
Unassigned |
Bug Description
The credentials for database conenctions and the keystone authtoken are stored in plaintext within the nova.conf and apipaste config files.
These values should be encrypted. A scheme similar to /etc/shadow would be great.
Changed in cinder: | |
status: | Confirmed → Won't Fix |
To post a comment you must log in.
I think we should consider this a "hardening" request as opposed to a private vulnerability. Opinions from other VMT members?