Rubueno opened a new issue, #6901:
URL: https://github.com/apache/cloudstack/issues/6901
##### ISSUE TYPE
* Security
##### COMPONENT NAME
~~~
DB
~~~
##### CLOUDSTACK VERSION
~~~
Tested on at least 4.16.1, but expecting versions since the introduction of
K8s support to be affected
~~~
##### CONFIGURATION
N/A
##### OS / ENVIRONMENT
N/A
##### SUMMARY
The k8s cluster admin credentials are stored in plaintext in the database. This
is a security risk.
##### STEPS TO REPRODUCE
~~~
- Create cluster in UI or API
- In sql `select * from kubernetes_cluster_details where name='password';`
~~~
##### EXPECTED RESULTS
~~~
Expected credentials to be encrypted just like we do with other components.
~~~
##### ACTUAL RESULTS
```
MariaDB [cloud]> select * from kubernetes_cluster_details where name='password';
+----+------------+----------+----------------------------+---------+
| id | cluster_id | name     | value                      | display |
+----+------------+----------+----------------------------+---------+
|  2 |          1 | password | jlm9koisse5h3n9h7vhg1e3at1 |       0 |
+----+------------+----------+----------------------------+---------+
```