HDS HNAS driver logs HNAS password as plain text
Bug #1491524 reported by
Tiago Pasqualini da Silva
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Undecided
|
Tiago Pasqualini da Silva | ||
Juno |
Fix Released
|
Undecided
|
Unassigned | ||
Kilo |
Fix Released
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
HDS HNAS driver logs every command that is sent to HNAS. Since some commands need the HNAS password, this password is being logged as plain text.
information type: | Private Security → Public |
Changed in cinder: | |
assignee: | nobody → Erlon R. Cruz (sombrafam) |
status: | New → In Progress |
Changed in cinder: | |
assignee: | Erlon R. Cruz (sombrafam) → Tiago Pasqualini da Silva (tiago.pasqualini) |
Changed in cinder: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | liberty-rc1 → 7.0.0 |
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.
Are does command log without DEBUG ?