[Yahoo-eng-team] [Bug 1899229] [NEW] Nova compute log can get the password info from the user_data

changzhi Fri, 09 Oct 2020 18:31:34 -0700

Public bug reported:

Here is the log on /var/log/nova/nova-compute.log, we can see
user_data='I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==',
if you use python to do base64 decode, it will translate to '#cloud-
config\nchpasswd:\n list: |\n root:12345678\n expire: False', we can see
the root password is 12345678. Here is the method:


>>>base64.b64decode("I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==")
b'#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False'

Although the password is been encrypted but it is easy to decrypted.

So, in order to avoid this, maybe we don't need to display the password
info?

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1899229

Title:
  Nova compute log can get the password info from the user_data

Status in OpenStack Compute (nova):
  New

Bug description:
  Here is the log on /var/log/nova/nova-compute.log, we can see
  
user_data='I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==',
  if you use python to do base64 decode, it will translate to '#cloud-
  config\nchpasswd:\n list: |\n root:12345678\n expire: False', we can
  see the root password is 12345678. Here is the method:

  
>>>base64.b64decode("I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==")
  b'#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False'

  Although the password is been encrypted but it is easy to decrypted.

  So, in order to avoid this, maybe we don't need to display the
  password info?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1899229/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1899229] [NEW] Nova compute log can get the password info from the user_data

Reply via email to