[I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Wed, 17 Jan 2024 06:46:47 -0800 


Tbaugus44 opened a new issue, #8526:
URL: https://github.com/apache/cloudstack/issues/8526

   <!--
   Verify first that your issue/request is not already reported on GitHub.
   Also test if the latest release and main branch are affected too.
   Always add information AFTER of these HTML comments, but no need to delete 
the comments.
   -->
   
   ##### ISSUE TYPE
   <!-- Pick one below and delete the rest -->
    * Bug Report
   
   
   ##### COMPONENT NAME
   <!--
   Categorize the issue, e.g. API, VR, VPN, UI, etc.
   -->
   ~~~
   Log Files
   ~~~
   
   ##### CLOUDSTACK VERSION
   <!--
   New line separated list of affected versions, commit ID for issues on main 
branch.
   -->
   
   ~~~
   4.18.1
   ~~~
   
   ##### CONFIGURATION
   <!--
   Information about the configuration if relevant, e.g. basic network, 
advanced networking, etc.  N/A otherwise
   -->
   
   
   ##### OS / ENVIRONMENT
   <!--
   Information about the environment if relevant, N/A otherwise
   -->
   OS= Ubuntu 22.04, KVM, OOBM HPE ILO for HA enabled hosts 
   
   ##### SUMMARY
   <!-- Explain the problem/feature briefly -->
   We setuo HA for our host and the OOBM IPMI users password is displayed in 
plain text when you tail or open the /var/log/cloudstack/management/ 
management-server.log
   
   ##### STEPS TO REPRODUCE
   <!--
   For bugs, show exactly how to reproduce the problem, using a minimal 
test-case. Use Screenshots if accurate.
   
   For new features, show how the feature would be used.
   -->
   
   <!-- Paste example playbooks or commands between quotes below -->
   ~~~
   
   
![image](https://github.com/apache/cloudstack/assets/148808916/498e073c-f3f6-474d-86b5-39e8404a449a)
   
   we change the IP address and password for security purposes.
   also, the IPMI user needs to be a full admin with privilege to change users 
accounts. is that expected?
   ~~~
   
   <!-- You can also paste gist.github.com links for larger files -->
   
   ##### EXPECTED RESULTS
   <!-- What did you expect to happen when running the steps above? -->
   
   ~~~
   for the password to be encrypted in the log files 
   also, the IPMI user needs to be a full admin with privilege to change users 
accounts. is that expected?
   ~~~
   
   ##### ACTUAL RESULTS
   <!-- What actually happened? -->
   
   <!-- Paste verbatim command output between quotes below -->
   ~~~
   The password is visible in plain text
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to