default etcd deployments share the same cluster token
Bug #1673266 reported by Emilien Macchi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Fix Released | Critical | Emilien Macchi |
Bug Description
It is really bad for security to provide default tokens, default passwords, etc.
When deploying the Etcd service in TripleO, the default cluster token will be "etcd-tripleo".
If someone deploys Etcd with default values, anyone can deploy an etcd instance and reach the cluster with this token and get the key/values from there.
We should generate this token every time a deployment is done, like we already do for passwords etc.
Changed in tripleo:
importance: Undecided → Critical
Fix proposed to branch: master
Review: https://review.openstack.org/446194
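
An added example, not part of the bug report or of TripleO's code: a small audit that flags etcd configurations still using a well-known default cluster token, or reusing one token across deployments, plus a generator for a random per-deployment token. The deployment names, sample configs and function names are assumptions made for illustration.

```python
import re
import secrets

# Default named in this bug, plus etcd's own built-in default.
KNOWN_DEFAULT_TOKENS = {"etcd-tripleo", "etcd-cluster"}

# Token as set in an env file, on the command line, or in the YAML config.
TOKEN_PATTERN = re.compile(
    r"""(?:ETCD_INITIAL_CLUSTER_TOKEN\s*=|--initial-cluster-token[=\s]"""
    r"""|initial-cluster-token\s*:)\s*["']?([^"'\s#]+)"""
)

def find_tokens(text):
    """Return (line_number, token) for each cluster token set in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out setting
        match = TOKEN_PATTERN.search(line)
        if match:
            hits.append((lineno, match.group(1)))
    return hits

def audit(configs):
    """configs maps deployment name -> config text; returns findings."""
    findings, first_seen = [], {}
    for name, text in configs.items():
        for lineno, token in find_tokens(text):
            if token in KNOWN_DEFAULT_TOKENS:
                findings.append((name, lineno, "well-known default token"))
            elif first_seen.get(token, name) != name:
                findings.append((name, lineno, "token shared with " + first_seen[token]))
            first_seen.setdefault(token, name)
    return findings

def new_cluster_token():
    """Fresh per-deployment token: 128 bits from the OS CSPRNG, hex-encoded."""
    return secrets.token_hex(16)

# Constructed sample configs (deployment names and token values are made up).
SAMPLE_CONFIGS = {
    "overcloud-a": 'ETCD_INITIAL_CLUSTER_TOKEN="etcd-tripleo"\n',
    "overcloud-b": "# etcd.conf.yml\ninitial-cluster-token: 'c0ffee11d00d'\n",
    "overcloud-c": "etcd --name n1 --initial-cluster-token c0ffee11d00d\n",
}

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIGS), sep="\n")
    print("replacement token:", new_cluster_token())
```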