service-rabbitmq logs password in cleartext

Bug #1865840 reported by Radosław Piliszek on 2020-03-03
This bug affects 1 person
Affects        Status  Importance  Assigned to         Milestone
kolla-ansible          High        Radosław Piliszek
Train                  High        Radosław Piliszek
Ussuri                 High        Radosław Piliszek

Bug Description

service-rabbitmq logs password in cleartext

Fix proposed to branch: master
Review: https://review.opendev.org/710922

Changed in kolla-ansible:
status: Triaged → In Progress

Mark Goddard (mgoddard) wrote:

Would be good to provide an example of leakage for reference.

Radosław Piliszek (yoctozepto) wrote:

Ack, special for you. Ara example output (CI):

https://03319cc15cd4fcfb2a78-9347d83a8fe43a1fb2bb874d5a705361.ssl.cf5.rackcdn.com/706616/7/check/kolla-ansible-centos-source/4988719/primary/ara-report/ara-html/ (link will expire)

Item

{
    "password": "eONx3MvGdF7cuKflJ9s42GzuEQyyRCFLgTIX6Rfv",
    "user": "openstack",
    "vhost": "/"
}

Analogously running verbose mode.

Reviewed: https://review.opendev.org/710922
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=b1a4d8848af581388e0620d967c0ca36b000bf10
Submitter: Zuul
Branch: master

commit b1a4d8848af581388e0620d967c0ca36b000bf10
Author: Radosław Piliszek <email address hidden>
Date: Tue Mar 3 09:18:39 2020 +0100

    service-rabbitmq: do not log password (use no_log)

    Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
    Closes-bug: #1865840

Changed in kolla-ansible:
status: In Progress → Fix Released
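
The leak shown in the Ara output above and the no_log fix named in the commit message, as an added example that is not kolla-ansible's own code. The play, the variable name and the debug stand-in task are hypothetical, and the password is a constructed placeholder.

```yaml
# Added example, not kolla-ansible code. Play, variable and task names are
# hypothetical; the password is a constructed placeholder.
- name: Loop item leakage and the no_log fix
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    demo_rabbitmq_users:            # hypothetical variable name
      - user: openstack
        password: "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-SECRET"
        vhost: /
  tasks:
    # Before: Ansible attaches the whole loop item to every per-item result,
    # so the dict (password included) reaches stdout, log files and any
    # callback that records results, such as ARA. The task does not even
    # have to use item.password for it to be printed.
    - name: Ensure RabbitMQ user exists (leaks the item)
      ansible.builtin.debug:        # stand-in for the real user-management module
        msg: "would ensure user {{ item.user }} on vhost {{ item.vhost }}"
      loop: "{{ demo_rabbitmq_users }}"

    # After: no_log censors both the item and the result for this task,
    # including in verbose mode. loop_control.label alone is not enough:
    # it changes the displayed label, but the item stays in the result
    # handed to callbacks.
    - name: Ensure RabbitMQ user exists (item censored)
      ansible.builtin.debug:
        msg: "would ensure user {{ item.user }} on vhost {{ item.vhost }}"
      loop: "{{ demo_rabbitmq_users }}"
      no_log: true
```

Running this with ansible-playbook prints the full item, placeholder password included, for the first task and a censored item for the second.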

Reviewed: https://review.opendev.org/710990
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=071033fd442f1ead3dfd17ae716d0d9916290aca
Submitter: Zuul
Branch: stable/train

commit 071033fd442f1ead3dfd17ae716d0d9916290aca
Author: Radosław Piliszek <email address hidden>
Date: Tue Mar 3 09:18:39 2020 +0100

    service-rabbitmq: do not log password (use no_log)

    Change-Id: I68a40bebc174e8ebdaea36a0689b34cadb9009d2
    Closes-bug: #1865840
    (cherry picked from commit b1a4d8848af581388e0620d967c0ca36b000bf10)
