yahoo-eng-team team mailing list archive
Message #72172
[Bug 1761538] Re: Cookie hash value displayed in rabbitmq logs
This likely is more related to RabbitMQ (and as fungi pointed out,
should probably be noted in OSSN) if it has a security impact on
OpenStack as a whole, rather than specifically keystone.
** Also affects: ossn
Importance: Undecided
Status: New
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1761538
Title:
Cookie hash value displayed in rabbitmq logs
Status in OpenStack Identity (keystone):
Invalid
Status in OpenStack Security Notes:
New
Bug description:
Enabled RabbitMQ debug and restarted the process. Found sensitive data
displayed in logs.
RabbitMQ uses the Erlang cookie concept, where a cluster of nodes
communicate with each other. Any node that possesses this secret cookie
can communicate with other nodes in the cluster.
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
stopped SSL Listener on [::]:5671
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
Stopped RabbitMQ application
=INFO REPORT==== 31-Mar-2018::03:28:46 ===
Halting Erlang VM
=INFO REPORT==== 31-Mar-2018::03:29:54 ===
Starting RabbitMQ 3.6.6 on Erlang 19.1.1
Copyright (C) 2007-2016 Pivotal Software, Inc.
Licensed under the MPL. See http://www.rabbitmq.com/
=INFO REPORT==== 31-Mar-2018::03:29:54 ===
node : rabbit@ip9-114-192-221
home dir : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/rabbitmq.config
cookie hash : RVLZk6qSkQ471Dqtfk14wA==
log : /var/log/rabbitmq/rabbit@xxxxxxxxxxxxxxxxxxx
sasl log : /var/log/rabbitmq/rabbit@xxxxxxxxxxxxxxxxxxxxxxxx
database dir : /var/lib/rabbitmq/mnesia/rabbit@ip9-114-192-221
=INFO REPORT==== 31-Mar-2018::03:29:57 ===
Memory limit set to 3876MB of 9690MB total.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1761538/+subscriptions