iscsiadm log shows passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Medium
|
Walt Boring | ||
os-brick |
Fix Released
|
Medium
|
Walt Boring |
Bug Description
Hi,
I am wondering why screen-c-vol.log is displaying the CHAP secret.
Logs:
2015-04-16 16:04:23.288 7306 DEBUG oslo_concurrenc
Above log hides the secret.
2015-04-16 16:04:23.290 7306 DEBUG cinder.
However, this one does not hide the secret.
In addition, i find that the CHAP credentials are stored as plain string the database table (volumes).
I guess these are security risks in the current implementation. Any comments ?
Regards,
Yogesh
CloudByte Inc.
Changed in cinder: | |
status: | New → Confirmed |
Changed in os-brick: | |
status: | New → Confirmed |
assignee: | nobody → Walt Boring (walter-boring) |
Changed in cinder: | |
importance: | Undecided → Medium |
Changed in os-brick: | |
importance: | Undecided → Medium |
Changed in os-brick: | |
milestone: | none → 0.2.0 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | none → liberty-1 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | liberty-1 → 7.0.0 |
Fix proposed to branch: master /review. openstack. org/174484
Review: https:/