Wilder Rodrigues created CLOUDSTACK-6252:
--------------------------------------------

             Summary: Host password is stored in the database in the clear
                 Key: CLOUDSTACK-6252
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: Future, 4.4.0
         Environment: Management Server running on Debian 7
                      DevCloud running on XenServer 6.2
            Reporter: Wilder Rodrigues


Via the Management Server UI, when creating an advanced Zone and adding a host 
to it, the host password is stored in the database in the clear.

All passwords should be encrypted before being stored.

Check details below:

mysql> select * from host_details;
+----+---------+----------------------------------------------------+----------------------------------------+
| id | host_id | name                                               | value                                  |
+----+---------+----------------------------------------------------+----------------------------------------+
|  1 |       1 | product_version                                    | 6.2.0                                  |
|  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | DcGlobal                               |
|  3 |       1 | private.network.device                             | Pool-wide network associated with eth0 |
|  4 |       1 | Hypervisor.Version                                 | 4.1.5                                  |
|  5 |       1 | Host.OS                                            | XenServer                              |
|  6 |       1 | Host.OS.Kernel.Version                             | 2.6.32.43-0.4.1.xs1.8.0.835.170778xen  |
|  7 |       1 | wait                                               | 600                                    |
|  8 |       1 | password                                           | changeme                               |
|  9 |       1 | url                                                | 10.1.1.203                             |
| 10 |       1 | username                                           | root                                   |
| 11 |       1 | xs620_snapshot_hotfix                              | false                                  |
| 12 |       1 | product_brand                                      | XenServer                              |
| 13 |       1 | product_version_text_short                         | 6.2                                    |
| 14 |       1 | Host.OS.Version                                    | 6.2.0                                  |
| 15 |       1 | instance.name                                      | VM                                     |
+----+---------+----------------------------------------------------+----------------------------------------+


