yahoo-eng-team team mailing list archive
Message #27073
[Bug 1412855] Re: Horizon logs in with unencrypted credentials
** Changed in: fuel
Milestone: None => 6.1
** Changed in: fuel
Importance: Undecided => High
** Also affects: fuel/7.0.x
Importance: Undecided
Status: New
** Also affects: fuel/6.1.x
Importance: High
Status: New
** Changed in: fuel/7.0.x
Importance: Undecided => High
** Changed in: fuel/7.0.x
Milestone: None => 7.0
** Changed in: fuel/6.1.x
Status: New => Triaged
** Changed in: fuel/7.0.x
Status: New => Triaged
** Changed in: fuel/6.1.x
Assignee: (unassigned) => Fuel Library Team (fuel-library)
** Changed in: fuel/7.0.x
Assignee: (unassigned) => Fuel Library Team (fuel-library)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1412855
Title:
Horizon logs in with unencrypted credentials
Status in Fuel: OpenStack installer that works:
Triaged
Status in Fuel for OpenStack 6.1.x series:
Triaged
Status in Fuel for OpenStack 7.0.x series:
Triaged
Status in OpenStack Dashboard (Horizon):
Invalid
Bug description:
Horizon logs in with unencrypted credentials over HTTP.
Steps:
1) Open browser development tools.
2) Log in to Horizon.
3) Find the POST request with the "/horizon/auth/login" path.
Request details:
Remote Address:172.16.0.2:80
Request URL:http://172.16.0.2/horizon/auth/login/
Request Method:POST
Status Code:302 FOUND
Form Data:
csrfmiddlewaretoken=ulASpgYAsaikVCWsBxH6kFN2MECpaT9Y&region=http%3A%2F%2F192.168.0.1%3A5000%2Fv2.0&username=admin&password=admin
Actual: security settings are applied at the stage of product deployment.
Expected: use HTTPS by default to improve infrastructure security at the
stage of installation and deployment.
Environment:
Fuel "build_id": "2014-12-26_14-25-46","release": "6.0"
Dashboard Version: 2014.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/fuel/+bug/1412855/+subscriptions