2023-10-26 06:28:23 |
Atsushi Kawai |
bug |
|
|
added bug |
2023-10-26 07:29:02 |
Atsushi Kawai |
description |
When accessing REST API server for Hitachi, NEC V or HPE XP storages,
following two user authorization ways are existing:
- when generating a session: authorization by ID and password
- after generating the session : authorization by a token
The token is generated when generating a session, and it is valid until the session is discarded.
The bug is that token is output to log file on Hitachi, HPE XP and NEC V cinder drivers.
It's a security risk. |
When accessing REST API server for Hitachi, NEC V or HPE XP storages,
following two user authorization ways are existing:
- when generating a session: authorization by ID and password
- after generating the session : authorization by a token
The token is generated when generating a session, and it is valid until the session is discarded.
The bug is that token is output to log file on Hitachi, HPE XP and NEC V cinder drivers.
It's a security risk.
[workaround]
set ``debug = False`` in DEFAULT section on cinder.conf |
|
2023-10-26 07:33:06 |
Atsushi Kawai |
description |
When accessing REST API server for Hitachi, NEC V or HPE XP storages,
following two user authorization ways are existing:
- when generating a session: authorization by ID and password
- after generating the session : authorization by a token
The token is generated when generating a session, and it is valid until the session is discarded.
The bug is that token is output to log file on Hitachi, HPE XP and NEC V cinder drivers.
It's a security risk.
[workaround]
set ``debug = False`` in DEFAULT section on cinder.conf |
When accessing REST API server for Hitachi, NEC V or HPE XP storages,
following two user authorization ways are existing:
- when generating a session: authorization by ID and password
- after generating the session : authorization by a token
The token is generated when generating a session, and it is valid until the session is discarded.
The bug is that the token is output to log file with DEBUG=true
on Hitachi, HPE XP and NEC V cinder drivers.
It's a security risk.
[workaround]
set ``debug = False`` in DEFAULT section on cinder.conf |
|
2023-10-26 12:39:17 |
Jeremy Stanley |
information type |
Private Security |
Public |
|
2023-10-26 12:39:28 |
Jeremy Stanley |
tags |
|
security |
|
2023-10-26 12:39:38 |
Jeremy Stanley |
bug task added |
|
ossa |
|
2023-10-26 12:39:46 |
Jeremy Stanley |
ossa: status |
New |
Won't Fix |
|
2023-10-27 01:14:21 |
Atsushi Kawai |
attachment added |
|
https://review.opendev.org/c/openstack/cinder/+/899113 |
|
2023-11-29 06:16:50 |
OpenStack Infra |
cinder: status |
New |
In Progress |
|