Security weakness related to memcached
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
In Progress
|
Undecided
|
Carmen Rata | ||
Bug Description
Brief Description
-----------------
Memcached security weakness allows for acquiring a keystone token and use it to get access to StaringX web access as sysadmin.
At controller (localhost), one can obtain a token by dumping memcached with memcached_dump.
External host can get the token by accessing the Host IP and port.
The container of the host can also get token by accessing it's host IP and port (w/o root privileges).
Severity
--------
Major
Steps to Reproduce
------------------
1. use "memcached_dump" to obtain the authentication token.
2. access StaringX web with the token
Expected Behavior
------------------
Authentication token should not be exposed in clear text. It should be encrypted or not accessible.
Actual Behavior
----------------
Authentication token should is exposed
Reproducibility
---------------
<Reproducible/
not 100% reproducible, some servers have the issue, some do not
| Changed in starlingx: | |
| assignee: | nobody → Carmen Rata (crata) |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to stx-puppet (master) | #1 |
| Changed in starlingx: | |
| status: | New → In Progress |
| information type: | Public → Public Security |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to config (master) | #2 |
Fix proposed to branch: master
Review: https:/