2021-09-03 23:03:03 |
Boris Lukashev |
description |
Using current KA (12.2.0), deploying Wallaby, i'm seeing Nova not set instance passwords unless its done via user_data directives. The default password in our Windows images is never changed, even if explicit told to during instance creation. Same thing for Linux & BSD, regardless of whether the username is set in the image metadata properties or not.
I've reported the same issue to the Juju tracker (was using their stack until snaps killed a cloud), no answer from them yet.
This _may_ be considered a security issue as it removes the function of wiping static default credentials pre-baked into images (https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password). |
Using current KA (12.2.0), deploying Wallaby, i'm seeing Nova not set instance passwords unless its done via user_data directives. The default password in our Windows images is never changed, even if explicitly told to during instance creation. Same thing for Linux & BSD, regardless of whether the username is set in the image metadata properties or not.
I've reported the same issue to the Juju tracker (was using their stack until snaps killed a cloud), no answer from them yet.
This _may_ be considered a security issue as it removes the function of wiping static default credentials pre-baked into images (https://owasp.org/www-community/vulnerabilities/Use_of_hard-coded_password). |
|