Reviewed: https://review.openstack.org/285079 Committed: https://git.openstack.org/cgit/openstack/neutron-lbaas/commit/?id=5afdb1f071600ba2f79fe60df27bc5d0ebede728 Submitter: Jenkins Branch: master
commit 5afdb1f071600ba2f79fe60df27bc5d0ebede728 Author: Aaron Rosen <[email protected]> Date: Thu Feb 25 18:02:42 2016 -0800 Set netscaler_ncc_password as secret to prevent it from being logged Change-Id: Ibd997db813b82280d038345c3e0eb34b698181ab Closes-Bug: #1549981 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1549981 Title: LBaaS Netscaler driver leaks password in DEBUG mode Status in neutron: Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: The Neutron LBaaS netscaler_driver_v2.py file leaks the 'netscaler_ncc_password' used to login to the Netscaler Control Center Server. This happens only under DEBUG mode as part of logging option values when that logging enabled in the config. The simple fix is mark the cfg.StrOpt with 'secret=True' option so log output sanitizes by obfuscating. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1549981/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
