yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1549547] Re: LBaaS leaking password in DEBUG logs

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Bernard Cafarelli <bcafarel@xxxxxxxxxx>
Date: Mon, 15 Apr 2019 09:15:33 -0000
Reply-to: Bug 1549547 <1549547@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1549547

Title:
  LBaaS leaking password in DEBUG logs

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Current code leaks the keystone admin_password in the cfg into log
  files:

  Example from DevStack q-svc.log:
  [00;32mDEBUG oslo_service.service [^[[00;36m-^[[00;32m] ^[[01;35m^[[00;32mservice_auth.admin_password    = password

  Issue is that the cfg.StrOpt for admin_password did not set 'secret=True", which would give:
  service_auth.admin_password    = ****

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1549547/+subscriptions