
yahoo-eng-team team mailing list archive

[Bug 1549981] Re: LBaaS Netscaler driver leaks password in DEBUG mode

 

Reviewed:  https://review.openstack.org/285079
Committed: https://git.openstack.org/cgit/openstack/neutron-lbaas/commit/?id=5afdb1f071600ba2f79fe60df27bc5d0ebede728
Submitter: Jenkins
Branch:    master

commit 5afdb1f071600ba2f79fe60df27bc5d0ebede728
Author: Aaron Rosen <aaronorosen@xxxxxxxxx>
Date:   Thu Feb 25 18:02:42 2016 -0800

    Set netscaler_ncc_password as secret to prevent it from being logged
    
    Change-Id: Ibd997db813b82280d038345c3e0eb34b698181ab
    Closes-Bug: #1549981


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1549981

Title:
  LBaaS Netscaler driver leaks password in DEBUG mode

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  The Neutron LBaaS netscaler_driver_v2.py file leaks the
  'netscaler_ncc_password' used to log in to the Netscaler Control Center
  Server.

  This happens only under DEBUG mode as part of logging option values
  when that logging is enabled in the config.

  The simple fix is to mark the cfg.StrOpt with the 'secret=True' option so
  that log output is sanitized by obfuscation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1549981/+subscriptions
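
A static check for the defect this bug describes, added here as an example and not part of the neutron-lbaas code or the original message: it parses Python source and flags credential-named oslo.config option definitions that lack `secret=True`. The sample source, the `SENSITIVE_HINTS` list and the function names are constructed for illustration; only `netscaler_ncc_password` and `cfg.StrOpt` with `secret=True` come from the report.

```python
import ast

# Substrings suggesting an option holds a credential (assumed heuristic).
SENSITIVE_HINTS = ("password", "passwd", "secret", "token", "api_key")

# Constructed sample: option definitions in the style of an oslo.config driver.
SAMPLE_SOURCE = '''
from oslo_config import cfg

OPTS = [
    cfg.StrOpt('netscaler_ncc_uri', help='NCC server URI'),
    cfg.StrOpt('netscaler_ncc_username', help='NCC login user'),
    cfg.StrOpt('netscaler_ncc_password', help='NCC login password'),
    cfg.StrOpt('netscaler_ncc_password', secret=True, help='fixed form'),
]
'''


def _is_secret(call):
    """True only if the call passes the literal keyword secret=True."""
    for kw in call.keywords:
        if kw.arg == "secret":
            return isinstance(kw.value, ast.Constant) and kw.value.value is True
    return False


def find_unmasked_secret_opts(source):
    """Return sorted (lineno, name) for credential-like *Opt(...) calls
    without secret=True, i.e. values that option logging would not mask."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        ctor = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if not ctor.endswith("Opt") or not node.args:
            continue
        first = node.args[0]
        if not (isinstance(first, ast.Constant) and isinstance(first.value, str)):
            continue
        name = first.value
        if any(h in name.lower() for h in SENSITIVE_HINTS) and not _is_secret(node):
            findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, name in find_unmasked_secret_opts(SAMPLE_SOURCE):
        print(f"line {lineno}: option '{name}' is missing secret=True")
```

Options whose name is passed as a keyword or built dynamically are not covered by this check and need manual review.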