openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #19045
Re: Potential security issue with CHAP
On 11/29/2012 03:50 AM, Avishay Traeger wrote:
>
> Hi all,
> Currently, CHAP secrets are managed by Cinder, and passed to Nova for use
> when attaching volumes. This means that unless the communication is
> encrypted, or a separate trusted network is used, CHAP secrets can be
> sniffed on the wire.
> Opinions?
In the future, if you suspect something is a security issue
(vulnerability), the public mailing list isn't the best place to report
it. :-) Please use a private bug on launchpad, or send someone on the
vulnerability management team an encrypted email.
http://www.openstack.org/projects/openstack-security/
In this case, I don't think there is a problem here. A lot of sensitive
information is passed around between services, via both messaging and
the REST APIs. It is certainly important to protect these
communications via the means you mentioned (trusted network, encryption).
--
Russell Bryant
Follow ups
References