[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1750074] Fix included in openstack/cinder 11.1.1

This issue was fixed in the openstack/cinder 11.1.1 release.

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  Cinder logs rabbitmq password on connection log

Status in Cinder:
  Fix Released
Status in Manila:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Cinder may log rabbitmq password on connection when DEBUG is on.

  Example on cinder-scheduler.log file after enabling DEBUG:
  (Password has been replaced with XXX)

  2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-
  14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url :
  rabbit://guest:XXX at,guest:XXX at,guest:XXX at
  wait /usr/lib/python2.7/site-packages/cinder/service.py:611

  In a production environment, this is pretty bad.

To manage notifications about this bug go to: