yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #95815
[Bug 2109693] [NEW] User with the admin role can view the secret key of other user's EC2 credentials.
Public bug reported:
User with the admin role can view the secret key of other user's EC2 credential, even if it does not belong to the user.
I think that even user with admin role should be prevented from viewing the secret key of other user's EC2 credential and the secret key of other user's EC2 credential should be encrypted or masked.
** Affects: keystone
Importance: Undecided
Assignee: LeeChunghwan (chung00lee)
Status: New
** Changed in: keystone
Assignee: (unassigned) => LeeChunghwan (chung00lee)
** Summary changed:
- User with the admin role can view the secret key of all users' EC2 credentials.
+ User with the admin role can view the secret key of other user's EC2 credentials.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2109693
Title:
User with the admin role can view the secret key of other user's EC2
credentials.
Status in OpenStack Identity (keystone):
New
Bug description:
User with the admin role can view the secret key of other user's EC2 credential, even if it does not belong to the user.
I think that even user with admin role should be prevented from viewing the secret key of other user's EC2 credential and the secret key of other user's EC2 credential should be encrypted or masked.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2109693/+subscriptions