[jira] [Comment Edited] (CLOUDSTACK-6252) Host password is stored in the database in the clear

Wed, 01 Jul 2015 06:10:42 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965024#comment-13965024
 ] 

Wilder Rodrigues edited comment on CLOUDSTACK-6252 at 7/1/15 1:09 PM:
----------------------------------------------------------------------

Changed severity from Major to Minor because it's related to unclear 
documentation.
Changed from Bug to Improvement because it would be nice to have it automated.


was (Author: wilder.rodrigues):
Changed severity from Major to Minor because it's related to unclear 
documentation.
Changed from Bug to Improvement be cause it would be nice to have it automated.

> Host password is stored in the database in the clear
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-6252
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: Future
>         Environment: Management Server running on Debian 7
> DevCloud running on XenServer 6.2
>            Reporter: Wilder Rodrigues
>            Assignee: Wilder Rodrigues
>            Priority: Minor
>
> Via the Management Server UI, when creating an advanced Zone and adding a 
> host to it, the host password is stored in the database in the clear.
> All passwords should be encrypted before stored.
> Check details below:
> mysql> select * from host_details;
> +----+---------+----------------------------------------------------+----------------------------------------+
> | id | host_id | name                                               | value   
>                                |
> +----+---------+----------------------------------------------------+----------------------------------------+
> |  1 |       1 | product_version                                    | 6.2.0   
>                                | 
> |  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | 
> DcGlobal                               | 
> |  3 |       1 | private.network.device                             | 
> Pool-wide network associated with eth0 | 
> |  4 |       1 | Hypervisor.Version                                 | 4.1.5   
>                                | 
> |  5 |       1 | Host.OS                                            | 
> XenServer                              | 
> |  6 |       1 | Host.OS.Kernel.Version                             | 
> 2.6.32.43-0.4.1.xs1.8.0.835.170778xen  | 
> |  7 |       1 | wait                                               | 600     
>                                | 
> |  8 |       1 | password                                           | 
> changeme                               | 
> |  9 |       1 | url                                                | 
> 10.1.1.203                             | 
> | 10 |       1 | username                                           | root    
>                                | 
> | 11 |       1 | xs620_snapshot_hotfix                              | false   
>                                | 
> | 12 |       1 | product_brand                                      | 
> XenServer                              | 
> | 13 |       1 | product_version_text_short                         | 6.2     
>                                | 
> | 14 |       1 | Host.OS.Version                                    | 6.2.0   
>                                | 
> | 15 |       1 | instance.name                                      | VM      
>                                | 
> +----+---------+----------------------------------------------------+----------------------------------------+



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to