yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1451931] Re: ironic password config not marked as secret

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <fungi@xxxxxxxxxxx>
Date: Tue, 05 May 2015 17:22:01 -0000
Reply-to: Bug 1451931 <1451931@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

In the past, the VMT has not considered info leaks in debug logs to
warrant an advisory. Reclassifying as security hardening.

** Information type changed from Public Security to Public

** Tags added: security

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1451931

Title:
  ironic password config not marked as secret

Status in OpenStack Compute (Nova):
  Triaged
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  The ironic config option for the password and auth token are not
  marked as secret so the values will get logged during startup in debug
  mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1451931/+subscriptions

References

[Bug 1451931] [NEW] ironic password config not marked as secret
From: Joe Gordon, 2015-05-05