operation log: user passwords are logged by default setting
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Undecided
|
Akihiro Motoki | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
If the operation log is enabled (disabled by default) and the default value of OPERATION_
The same thing happens in "Change Password" action in the Identity User panel.
----
[None] [None] [demo] [d65075f0e4964b
----
The default value of OPERATION_
Operators who enable the operation log feature are recommended to set OPERATION_
information type: | Private Security → Public Security |
Changed in horizon: | |
milestone: | queens-3 → queens-rc1 |
description: | updated |
information type: | Public Security → Public |
tags: | added: security |
This is a bug of logging, so I think this can be public, but I would like to wait for the decision from the security team.