Public bug reported: Affected URL: https://Ip_address/admin/ Entity: csrftoken (Cookie) Risk: It may be possible to steal session information (cookies) that was kept on disk as permanent cookies.
Causes: The web application stores sensitive session information in a permanent cookie (on disk) Recommend Fix: Avoid storing sensitive session information in permanent cookies Test requests and response: GET /admin/ HTTP/1.1 Host: 9.5.29.52 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: https://9.5.29.52/ Cookie: csrftoken=JPjBiDp6Ex6YDw3sgfZPCTPUwWKZdZTm; sessionid=oad3bpy15qm8ntml9wx604yr79cc6zpb Connection: keep-alive HTTP/1.1 200 OK Date: Fri, 12 Sep 2014 07:52:50 GMT Server: Apache Vary: Accept-Language,Cookie,Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Language: en Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html Set-Cookie: csrftoken=silTP6ARbLvXohF6YYFLlWHce0KZkjPy; expires=Fri, 11-Sep-2015 07:52:52 GMT; Max-Age=31449600; Path=/; secure Set-Cookie: sessionid=ygq094phgr6og471j6n0asq7x6q37j6n; httponly; Path=/; secure <!DOCTYPE html> <html> <head> 2014/9/12 516 <meta content='text/html; charset=utf-8' http-equiv='Content-Type' /> <title>Usage Overview - Cloud Management Dashboard</title> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <link rel="stylesheet" href="/static/dashboard/css/5730bed76fd3.css" type="text/css" media="screen" /> <link rel="shortcut icon" href="/static/dashboard/img/favicon.png"/> <!-- Fix header padding issue in IE < 10 --> <!--[if lt IE 10 ]> <style> .topbar { padding-bottom: 0px; } </style> <![endif]--> <script type="text/javascript" src="/static/dashboard/js/841198948869.js"></script> <script type="text/javascript" charset="utf-8"> /* Added so that we can append Horizon scoped JS events to the DOM load events without running in to the "horizon" name-space not currently being defined since we load the scripts at the bottom of the page. */ var addHorizonLoadEvent = function(func) { var old_onload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { old_onload(); func(); } } } </script> </head> <body id="" ng-app='hz'> <div id="container"> <div class='topbar'> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <h1 class="brand"><a href="/home/">Cloud Management Dashboard</a></h1> <div id="user_info" class="pull-right"> <div id="tenant_switcher" class="dropdown switcher_bar hide_image " tabindex="1"> <div>admin</div> </div> <div id="profile_editor_switcher" class="dropdown switcher_bar" tabindex='1'> <a class="dropdown-toggle" data-toggle="dropdown" href="#profile_editor_switcher"> <div>admin</div> </a> <ul id="editor_list" class="dropdown-menu"> <li class='divider'></li> <li><a href="/settings/">Settings</a></li> <li><a href="http://docs.openstack.org"; target="_new">Help</a></li> <li><a href="/auth/logout/">Sign Out</a></li> </ul> </div> <img class="brand_icon" src="/static/dashboard/img/logo.png" alt=""/> </div> 2014/9/12 517 TOC </div> <div id='main_content'> <div class="messages"> </div> <div class='sidebar'> <div> <dl class="nav_accordion"> <dt > <div>Project</div> </dt> <dd style="display:none;"> <div><h4><div>Compute</div></h4> <ul> <li><a href="/project/" tabindex="1" >Overview</a></li> <li><a href="/project/instances/" tabindex="2" >Instances</a></li> <li><a href="/project/volumes/" tabindex="3" >Volumes</a></li> <li><a href="/project/images/" tabindex="4" >Images</a></li> <li><a href="/project/access_and_security/" tabindex="5" >Access & Security</a></li> </ul> </div> <div><h4><div>Network</div></h4> <ul> <li><a href="/project/network_topology/" tabindex="1" >Network Topology</a></li> <li><a href="/project/networks/" tabindex="2" >Networks</a></li> <li><a href="/project/routers/" tabindex="3" >Routers</a></li> </ul> </div> <div><h4><div>Orchestration</div></h4> <ul> <li><a href="/project/stacks/" tabindex="1" >Stacks</a></li> </ul> </div> ... ... ... ** Affects: horizon Importance: Undecided Status: New ** Also affects: openstack-chef Importance: Undecided Status: New ** No longer affects: ossa ** Also affects: horizon Importance: Undecided Status: New ** No longer affects: openstack-chef ** Description changed: Affected URL: https://Ip_address/admin/ Entity: csrftoken (Cookie) - Risk: It may be possible to steal session information (cookies) that was kept on disk as permanent cookies - Causes: The web application stores sensitive session information in a permanent cookie (on disk) - Recommend Fix: Avoid storing sensitive session information in permanent cookies + Risk: It may be possible to steal session information (cookies) that was kept on disk as permanent cookies. + + Causes: The web application stores sensitive session information in a + permanent cookie (on disk) + + Recommend Fix: Avoid storing sensitive session information in permanent + cookies Test requests and response: GET /admin/ HTTP/1.1 Host: 9.5.29.52 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: https://9.5.29.52/ Cookie: csrftoken=JPjBiDp6Ex6YDw3sgfZPCTPUwWKZdZTm; sessionid=oad3bpy15qm8ntml9wx604yr79cc6zpb Connection: keep-alive HTTP/1.1 200 OK Date: Fri, 12 Sep 2014 07:52:50 GMT Server: Apache Vary: Accept-Language,Cookie,Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Language: en Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html Set-Cookie: csrftoken=silTP6ARbLvXohF6YYFLlWHce0KZkjPy; expires=Fri, 11-Sep-2015 07:52:52 GMT; Max-Age=31449600; Path=/; secure Set-Cookie: sessionid=ygq094phgr6og471j6n0asq7x6q37j6n; httponly; Path=/; secure <!DOCTYPE html> <html> <head> 2014/9/12 516 <meta content='text/html; charset=utf-8' http-equiv='Content-Type' /> <title>Usage Overview - Cloud Management Dashboard</title> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <link rel="stylesheet" href="/static/dashboard/css/5730bed76fd3.css" type="text/css" media="screen" /> <link rel="shortcut icon" href="/static/dashboard/img/favicon.png"/> <!-- Fix header padding issue in IE < 10 --> <!--[if lt IE 10 ]> <style> .topbar { padding-bottom: 0px; } </style> <![endif]--> <script type="text/javascript" src="/static/dashboard/js/841198948869.js"></script> <script type="text/javascript" charset="utf-8"> /* Added so that we can append Horizon scoped JS events to the DOM load events without running in to the "horizon" name-space not currently being defined since we load the scripts at the bottom of the page. */ var addHorizonLoadEvent = function(func) { var old_onload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { old_onload(); func(); } } } </script> </head> <body id="" ng-app='hz'> <div id="container"> <div class='topbar'> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <h1 class="brand"><a href="/home/">Cloud Management Dashboard</a></h1> <div id="user_info" class="pull-right"> <div id="tenant_switcher" class="dropdown switcher_bar hide_image " tabindex="1"> <div>admin</div> </div> <div id="profile_editor_switcher" class="dropdown switcher_bar" tabindex='1'> <a class="dropdown-toggle" data-toggle="dropdown" href="#profile_editor_switcher"> <div>admin</div> </a> <ul id="editor_list" class="dropdown-menu"> <li class='divider'></li> <li><a href="/settings/">Settings</a></li> <li><a href="http://docs.openstack.org"; target="_new">Help</a></li> <li><a href="/auth/logout/">Sign Out</a></li> </ul> </div> <img class="brand_icon" src="/static/dashboard/img/logo.png" alt=""/> </div> 2014/9/12 517 TOC </div> <div id='main_content'> <div class="messages"> </div> <div class='sidebar'> <div> <dl class="nav_accordion"> <dt > <div>Project</div> </dt> <dd style="display:none;"> <div><h4><div>Compute</div></h4> <ul> <li><a href="/project/" tabindex="1" >Overview</a></li> <li><a href="/project/instances/" tabindex="2" >Instances</a></li> <li><a href="/project/volumes/" tabindex="3" >Volumes</a></li> <li><a href="/project/images/" tabindex="4" >Images</a></li> <li><a href="/project/access_and_security/" tabindex="5" >Access & Security</a></li> </ul> </div> <div><h4><div>Network</div></h4> <ul> <li><a href="/project/network_topology/" tabindex="1" >Network Topology</a></li> <li><a href="/project/networks/" tabindex="2" >Networks</a></li> <li><a href="/project/routers/" tabindex="3" >Routers</a></li> </ul> </div> <div><h4><div>Orchestration</div></h4> <ul> <li><a href="/project/stacks/" tabindex="1" >Stacks</a></li> </ul> </div> ... ... ... -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1369865 Title: Permanent Cookie Contains Sensitive Session Information Status in OpenStack Dashboard (Horizon): New Bug description: Affected URL: https://Ip_address/admin/ Entity: csrftoken (Cookie) Risk: It may be possible to steal session information (cookies) that was kept on disk as permanent cookies. Causes: The web application stores sensitive session information in a permanent cookie (on disk) Recommend Fix: Avoid storing sensitive session information in permanent cookies Test requests and response: GET /admin/ HTTP/1.1 Host: 9.5.29.52 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Referer: https://9.5.29.52/ Cookie: csrftoken=JPjBiDp6Ex6YDw3sgfZPCTPUwWKZdZTm; sessionid=oad3bpy15qm8ntml9wx604yr79cc6zpb Connection: keep-alive HTTP/1.1 200 OK Date: Fri, 12 Sep 2014 07:52:50 GMT Server: Apache Vary: Accept-Language,Cookie,Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Language: en Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html Set-Cookie: csrftoken=silTP6ARbLvXohF6YYFLlWHce0KZkjPy; expires=Fri, 11-Sep-2015 07:52:52 GMT; Max-Age=31449600; Path=/; secure Set-Cookie: sessionid=ygq094phgr6og471j6n0asq7x6q37j6n; httponly; Path=/; secure <!DOCTYPE html> <html> <head> 2014/9/12 516 <meta content='text/html; charset=utf-8' http-equiv='Content-Type' /> <title>Usage Overview - Cloud Management Dashboard</title> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <link rel="stylesheet" href="/static/dashboard/css/5730bed76fd3.css" type="text/css" media="screen" /> <link rel="shortcut icon" href="/static/dashboard/img/favicon.png"/> <!-- Fix header padding issue in IE < 10 --> <!--[if lt IE 10 ]> <style> .topbar { padding-bottom: 0px; } </style> <![endif]--> <script type="text/javascript" src="/static/dashboard/js/841198948869.js"></script> <script type="text/javascript" charset="utf-8"> /* Added so that we can append Horizon scoped JS events to the DOM load events without running in to the "horizon" name-space not currently being defined since we load the scripts at the bottom of the page. */ var addHorizonLoadEvent = function(func) { var old_onload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function() { old_onload(); func(); } } } </script> </head> <body id="" ng-app='hz'> <div id="container"> <div class='topbar'> <!-- Copyright 2014 IBM Corp. Copyright 2014 OpenStack Foundation and others --> <h1 class="brand"><a href="/home/">Cloud Management Dashboard</a></h1> <div id="user_info" class="pull-right"> <div id="tenant_switcher" class="dropdown switcher_bar hide_image " tabindex="1"> <div>admin</div> </div> <div id="profile_editor_switcher" class="dropdown switcher_bar" tabindex='1'> <a class="dropdown-toggle" data-toggle="dropdown" href="#profile_editor_switcher"> <div>admin</div> </a> <ul id="editor_list" class="dropdown-menu"> <li class='divider'></li> <li><a href="/settings/">Settings</a></li> <li><a href="http://docs.openstack.org"; target="_new">Help</a></li> <li><a href="/auth/logout/">Sign Out</a></li> </ul> </div> <img class="brand_icon" src="/static/dashboard/img/logo.png" alt=""/> </div> 2014/9/12 517 TOC </div> <div id='main_content'> <div class="messages"> </div> <div class='sidebar'> <div> <dl class="nav_accordion"> <dt > <div>Project</div> </dt> <dd style="display:none;"> <div><h4><div>Compute</div></h4> <ul> <li><a href="/project/" tabindex="1" >Overview</a></li> <li><a href="/project/instances/" tabindex="2" >Instances</a></li> <li><a href="/project/volumes/" tabindex="3" >Volumes</a></li> <li><a href="/project/images/" tabindex="4" >Images</a></li> <li><a href="/project/access_and_security/" tabindex="5" >Access & Security</a></li> </ul> </div> <div><h4><div>Network</div></h4> <ul> <li><a href="/project/network_topology/" tabindex="1" >Network Topology</a></li> <li><a href="/project/networks/" tabindex="2" >Networks</a></li> <li><a href="/project/routers/" tabindex="3" >Routers</a></li> </ul> </div> <div><h4><div>Orchestration</div></h4> <ul> <li><a href="/project/stacks/" tabindex="1" >Stacks</a></li> </ul> </div> ... ... ... To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1369865/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
