yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1524675] Re: lbaasv2-agent is logging credentials from barbican

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tristan Cacqueray <tdecacqu@xxxxxxxxxx>
Date: Tue, 05 Jan 2016 19:44:32 -0000
Reply-to: Bug 1524675 <1524675@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is a class B3 type of bug (according to
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
)

** Changed in: ossa
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1524675

Title:
  lbaasv2-agent is logging credentials from barbican

Status in neutron:
  In Progress
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  In liberty, a neutron-lbaasv2-agent is logging credentials retrieved
  from barbican when debug=True. (e.g. cert, private key, passphrase)

  this makes security issue.

  example: http://paste.openstack.org/show/481439/ (part of
  /var/log/neutron/neutron-lbaasv2-agent.log)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1524675/+subscriptions

References

[Bug 1524675] [NEW] lbaasv2 is logging key that is on barbican
From: fujioka yuuichi, 2015-12-10