[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1761538] Re: Cookie hash value displayed in rabbitmq logs

If this behavior is configurable or other mitigation can be devised, or
if it gets patched upstream in rabbitmq, then a security note (not
advisory) may be appropriate to let operators know about the risk and
what they can do.

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  Cookie hash value displayed in rabbitmq logs

Status in OpenStack Identity (keystone):

Bug description:
  ENabled rabbitmq debug and restarted the process. Found sensitive data
  displayed in logs.

  rabbitmq uses Erlang cookie concept where a cluster of nodes
  communicates to each other. Any node that posses this secret cookie
  can communicate with other nodes in the cluster.

  =INFO REPORT==== 31-Mar-2018::03:28:46 ===
  stopped SSL Listener on [::]:5671

  =INFO REPORT==== 31-Mar-2018::03:28:46 ===
  Stopped RabbitMQ application

  =INFO REPORT==== 31-Mar-2018::03:28:46 ===
  Halting Erlang VM

  =INFO REPORT==== 31-Mar-2018::03:29:54 ===
  Starting RabbitMQ 3.6.6 on Erlang 19.1.1
  Copyright (C) 2007-2016 Pivotal Software, Inc.
  Licensed under the MPL.  See http://www.rabbitmq.com/

  =INFO REPORT==== 31-Mar-2018::03:29:54 ===
  node           : rabbit at ip9-114-192-221
  home dir       : /var/lib/rabbitmq
  config file(s) : /etc/rabbitmq/rabbitmq.config
  cookie hash    : RVLZk6qSkQ471Dqtfk14wA==
  log            : /var/log/rabbitmq/rabbit at ip9-114-192-221.log
  sasl log       : /var/log/rabbitmq/rabbit at ip9-114-192-221-sasl.log
  database dir   : /var/lib/rabbitmq/mnesia/rabbit at ip9-114-192-221

  =INFO REPORT==== 31-Mar-2018::03:29:57 ===
  Memory limit set to 3876MB of 9690MB total.

To manage notifications about this bug go to: