[
https://issues.apache.org/jira/browse/CLOUDSTACK-6285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sheng Yang updated CLOUDSTACK-6285:
-----------------------------------
Description:
There is a bug in savepassword.sh since long time ago, that when VR try to
update the passwords file, it may accidentally clear the password of other VRs
due to the IP address it contained.
+sed -i /$VM_IP/d $PASSWD_FILE
This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in
clear them all.
It's not critical because user can reset the password again later.
was:
There is a error in savepassword.sh since 2010, that when VR try to update the
passwords file, it may accidentally clear the password of other VRs due to the
IP address it contained.
+sed -i /$VM_IP/d $PASSWD_FILE
This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in
clear them all.
> Some passwords in the VR would be cleared out by accident due to falsely
> match in the savepassword.sh
> -----------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-6285
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6285
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Virtual Router
> Affects Versions: 4.2.1, 4.4.0, 4.3.1
> Reporter: Sheng Yang
> Assignee: Sheng Yang
> Fix For: 4.2.1, 4.4.0, 4.3.1
>
>
> There is a bug in savepassword.sh since long time ago, that when VR try to
> update the passwords file, it may accidentally clear the password of other
> VRs due to the IP address it contained.
> +sed -i /$VM_IP/d $PASSWD_FILE
> This line would match 10.1.1.223, 10.1.1.224 etc for 10.1.1.2, thus result in
> clear them all.
> It's not critical because user can reset the password again later.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
