StarlingX

HPE3PAR passwords stored in plain text in system service-parameter-list

Bug #1799762 reported by Maria Yousaf
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Elena Taivan

Bug Description

Brief Description
-----------------
HPE3PAR passwords are stored in plain text in system service-parameter-list.

Severity
--------
Major

Steps to Reproduce
------------------
- Provision HPE3PAR
- View system service-parameter-list

Expected Behavior
------------------
- Sensitive information such as passwords should be obscured

Actual Behavior
----------------
- Passwords are shown in plain text

Reproducibility
---------------
100%

System Configuration
--------------------
Storage system

Branch/Pull Time/Commit
-----------------------
master as of 2018-10-15_21-18-00

Timestamp/Logs
--------------
N/A

Revision history for this message
Ghada Khalil (gkhalil) wrote :

Targeting stx.2019.03 -- issue related to recent 3PAR feature.
The password should be * out (as is done for the EMC SAN).

Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
tags: added: stx.c
tags: added: stx.2019.03 stx.config
removed: stx.c
Elena Taivan (etaivan)
Changed in starlingx:
assignee: nobody → Elena Taivan (etaivan)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to stx-config (master)

Fix proposed to branch: master
Review: https://review.openstack.org/615092

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-config (master)

Reviewed: https://review.openstack.org/615092
Committed: https://git.openstack.org/cgit/openstack/stx-config/commit/?id=f9bef78dfd047097c01b22f2e1115b61c8801670
Submitter: Zuul
Branch: master

commit f9bef78dfd047097c01b22f2e1115b61c8801670
Author: Elena Taivan <email address hidden>
Date: Fri Nov 2 08:15:13 2018 +0000

    HPE3PAR passwords stored in plain text in service-parameter-list

    The san_login and san_password parameters provide sensitive
    information and should be obscured. These values were moved
    to the CINDER_HPE3PAR_PARAMETER_PROTECTED list as to not have
    them displayed in plain text when service-parameter-list is issued.

    Change-Id: I3544a127410b827a90a9da7298df1ce62008bccd
    Closes-Bug: #1799762
    Signed-off-by: Elena Taivan <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ken Young (kenyis)
tags: added: stx.2019.05
removed: stx.2019.03
Ken Young (kenyis)
tags: added: stx.2.0
removed: stx.2019.05
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.