Default admin_token usable on Keystone
Bug #1582893 reported by Sheena Conant
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Fuel for OpenStack | Fix Released | High | Matthew Mosesohn | |
| 6.1.x | Fix Released | High | Matthew Mosesohn | |
| 7.0.x | Fix Released | High | Alexey Stupnikov | |
| 8.0.x | Fix Released | High | Alexey Stupnikov | |
| Mitaka | Fix Released | High | Matthew Mosesohn | |
Bug Description
The default admin_token is used to perform administrative tasks on Keystone such as creating users. This token gives administrative access to anyone without authentication and lasts indefinitely until disabled in configuration files.
Per mattymo: We should disable it like we do on deployed OpenStack nodes. It is not used by any services. This is a quick fix we can quickly make.
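A configuration check for the condition described above, as an added example that is not part of the bug report or of Fuel's code. It assumes the upstream Keystone layout of that era, where `admin_token` sits in `[DEFAULT]` of keystone.conf and the `admin_token_auth` filter is listed in keystone-paste.ini pipelines; both sample files are constructed.

```python
import configparser

# Constructed sample files for illustration; not taken from the bug report or Fuel.
SAMPLE_KEYSTONE_CONF = """\
[DEFAULT]
admin_token = CONSTRUCTED-SAMPLE-TOKEN
"""
SAMPLE_PASTE_INI = """\
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = sizelimit admin_token_auth token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit token_auth json_body admin_service
"""

# Upstream Keystone filter name (assumption; the page does not name it).
MIDDLEWARE = "admin_token_auth"


def _parse(text):
    # interpolation=None: values may contain '%'; strict=False tolerates repeated keys.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def audit_admin_token(keystone_conf_text, paste_ini_text):
    """Report whether admin_token is set and which pipelines still accept it."""
    conf = _parse(keystone_conf_text)
    # Commented-out lines are skipped by the parser, so only a live value counts.
    token_set = bool(conf.defaults().get("admin_token", "").strip())

    paste = _parse(paste_ini_text)
    pipelines = sorted(
        section.split(":", 1)[1]
        for section in paste.sections()
        if section.startswith("pipeline:")
        and MIDDLEWARE in paste.get(section, "pipeline", fallback="").split()
    )
    return {
        "token_set": token_set,
        "pipelines_with_middleware": pipelines,
        "exposed": token_set and bool(pipelines),
    }


if __name__ == "__main__":
    print(audit_admin_token(SAMPLE_KEYSTONE_CONF, SAMPLE_PASTE_INI))
```

The two conditions are reported separately so that a token left in the file after the filter has been removed from every pipeline still shows up for cleanup.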
tags: added: customer-found feature-security
Changed in fuel:
milestone: none → 10.0
assignee: nobody → MOS Keystone (mos-keystone)
importance: Undecided → Medium
status: New → Confirmed
tags: added: area-mos
Changed in fuel:
assignee: MOS Keystone (mos-keystone) → Matthew Mosesohn (raytrac3r)
Changed in fuel:
assignee: Matthew Mosesohn (raytrac3r) → Dmitry Ilyin (idv1985)
Changed in fuel:
assignee: Dmitry Ilyin (idv1985) → Matthew Mosesohn (raytrac3r)
tags: added: security-aic
tags: added: area-library
tags: added: on-verification
information type: Public Security → Private Security
tags: added: on-verification
tags: removed: on-verification
tags: added: on-verification
tags: added: on-verification
information type: Private Security → Public Security
tags: added: on-verification
tags: added: on-verification
Fix proposed to branch: master
Review: https://review.openstack.org/318582