yahoo-eng-team team mailing list archive

[changzhi <1899228@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Here is the log on /var/log/nova/nova-compute.log, we can see
user_data='I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==',
if you use python to do base64 decode, it will translate to '#cloud-
config\nchpasswd:\n list: |\n root:12345678\n expire: False', we can see
the root password is 12345678. Here is the method:

>>>base64.b64decode("I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==")
b'#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False'

Although the password is been encrypted but it is easy to decrypted.

So, in order to avoid this, maybe we don't need to display the password
info?

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1899228

Title:
  Nova compute log can get the password info from the user_data

Status in OpenStack Compute (nova):
  New

Bug description:
  Here is the log on /var/log/nova/nova-compute.log, we can see
  user_data='I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==',
  if you use python to do base64 decode, it will translate to '#cloud-
  config\nchpasswd:\n list: |\n root:12345678\n expire: False', we can
  see the root password is 12345678. Here is the method:

  >>>base64.b64decode("I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==")
  b'#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False'

  Although the password is been encrypted but it is easy to decrypted.

  So, in order to avoid this, maybe we don't need to display the
  password info?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1899228/+subscriptions