Debug log prints password while VIM registration.

Bug #1903955 reported by Manpreet Kaur
Affects: tacker
Status: Fix Released
Importance: Undecided
Assigned to: Manpreet Kaur

Bug Description

In the case of OpenStack VIM registration, the tacker debug logs print the user's password.

* Registering OpenStack VIM
stack@ubuntu2004:~/devstack$ openstack vim register --config-file vim_config.yaml --description 'VNF Attach Block Storage' --is-default VNFStorageVIM

* The debug log prints the request details along with the password for the user
2020-11-12 04:28:29.252 2625306 DEBUG tacker.alarm_receiver [-] Process request: POST /v1.0/vims.json HTTP/1.0
. . .
{"vim": {"auth_url": "http://127.0.0.1/identity", "type": "openstack", "vim_project": {"name": "nfv", "project_domain_name": "Default"}, "auth_cred": {"username": "nfv_user", "password": "devstack", "user_domain_name": "Default", "cert_verify": "False"}, "name": "VNFStorageVIM", "description": "VNF Attach Block Storage", "is_default": true}} process_request /opt/stack/tacker/tacker/alarm_receiver.py:48

Sensitive information such as a password should be encrypted in log messages.

Changed in tacker:
assignee: nobody → Manpreet Kaur (manpreetk)
description: updated
Changed in tacker:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tacker (master)

Fix proposed to branch: master
Review: https://review.opendev.org/762943

OpenStack Infra (hudson-openstack) wrote : Fix merged to tacker (master)

Reviewed: https://review.opendev.org/762943
Committed: https://git.openstack.org/cgit/openstack/tacker/commit/?id=9d570f9feb806ee96a478a55f641cfd5a19c7863
Submitter: Zuul
Branch: master

commit 9d570f9feb806ee96a478a55f641cfd5a19c7863
Author: Manpreet Kaur <email address hidden>
Date: Tue Nov 17 02:04:16 2020 +0000

    Fix to encrypt password print in debug logs

    In the case of OpenStack VIM registration, tacker/event_alarm.py
    prints request details along with the password of the user in
    tacker debug logs.
    This patch encrypts sensitive information such as passwords in
    log messages.

    Change-Id: Iebcd726b081ebfa33332dbfae132638600b5cc87
    Closes-Bug: #1903955

Changed in tacker:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tacker 5.0.0.0rc1

This issue was fixed in the openstack/tacker 5.0.0.0rc1 release candidate.
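
One way to keep the secret out of the "Process request" debug line quoted in the bug description, as an added example (not tacker's code and not the merged fix). It masks the value rather than encrypting it; the key list and the names `mask_request_body`, `SENSITIVE_KEYS` and `SAMPLE_BODY` are assumptions, and the sample body is abridged from the log line in the report.

```python
import json
import re

# Key names treated as secret (assumed list for this example; extend per API).
SENSITIVE_KEYS = {"password", "secret", "token", "auth_token"}
MASK = "***"

# Abridged from the request body in the bug report's debug log line.
SAMPLE_BODY = (
    '{"vim": {"auth_url": "http://127.0.0.1/identity", "type": "openstack", '
    '"auth_cred": {"username": "nfv_user", "password": "devstack", '
    '"user_domain_name": "Default"}, "name": "VNFStorageVIM"}}'
)

# Textual fallback for bodies that do not parse as JSON. The closing quote is
# optional so a value cut off by truncation is still masked to end of input.
_TEXT_RE = re.compile(
    r'("(?:%s)"\s*:\s*")(?:[^"\\]|\\.)*("?)'
    % "|".join(map(re.escape, sorted(SENSITIVE_KEYS))),
    re.IGNORECASE,
)


def _redact(node):
    """Return a copy of a decoded JSON value with secret fields masked."""
    if isinstance(node, dict):
        return {
            key: MASK if key.lower() in SENSITIVE_KEYS else _redact(value)
            for key, value in node.items()
        }
    if isinstance(node, list):
        return [_redact(item) for item in node]
    return node


def mask_request_body(body):
    """Return a loggable form of an HTTP request body with secrets masked."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    try:
        return json.dumps(_redact(json.loads(body)))
    except ValueError:
        # Truncated or non-JSON body: mask "key": "value" pairs textually.
        return _TEXT_RE.sub(r"\g<1>" + MASK + r"\g<2>", body)


if __name__ == "__main__":
    print("Process request body:", mask_request_body(SAMPLE_BODY))
```

The call belongs at the logging site itself, so the raw body never reaches a handler at any log level.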
