Comment 3 for bug 1884457

Pavel Toporkov (paul-axe) wrote :

1. I tested it in the Ocata version; I did configure it myself, though. I checked the source in the newest version and it seems that the vulnerable part of the source code wasn't changed.
2. No, my testing stand allowed me to detach the root disk from the Trove instance and to attach it to a Nova instance. This way I was able to read the credentials.

But still, I think it's better to fix that, because it can be used as a post-exploitation technique, when an attacker can somehow read the MQ credentials by exploiting a vulnerable DB or an incorrectly configured custom DB image.