← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1451931] [NEW] ironic password config not marked as secret

 

*** This bug is a security vulnerability ***

Public security bug reported:

The ironic config option for the password and auth token are not marked
as secret so the values will get logged during startup in debug mode.

** Affects: nova
     Importance: Medium
     Assignee: Joe Gordon (jogo)
         Status: Triaged


** Tags: kilo-backport-potential

** Information type changed from Public to Public Security

** Tags added: kilo-backport-potential

** Changed in: nova
       Status: New => Triaged

** Changed in: nova
     Assignee: (unassigned) => Joe Gordon (jogo)

** Changed in: nova
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1451931

Title:
  ironic password config not marked as secret

Status in OpenStack Compute (Nova):
  Triaged

Bug description:
  The ironic config option for the password and auth token are not
  marked as secret so the values will get logged during startup in debug
  mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1451931/+subscriptions


Follow ups

References