[Openstack-security] [Bug 1750074] Re: Cinder logs rabbitmq password on connection log
Author: Eric Harney <eharney at redhat.com>
Date: Wed Feb 21 14:27:11 2018 -0500
Log config options with oslo.config
This removes some custom Cinder code which
handles filtering secret config options in a flaky way.
Filtering will now be based on the "secret=True" option
(cherry picked from commit 7d278042c5280e40d5ed68f504f45ef023f05e18)
(cherry picked from commit 4bc52eb7ba35da9005c7d28c341b0ce408216572)
** Tags added: in-stable-ocata
Cinder logs rabbitmq password on connection log
Status in Cinder:
Status in Manila:
Status in OpenStack Security Advisory:
Cinder may log rabbitmq password on connection when DEBUG is on.
Example on cinder-scheduler.log file after enabling DEBUG:
(Password has been replaced with XXX)
2018-02-05 19:21:52.721 35 DEBUG cinder.service [req-a2dbe0dd-14c9-4123-a69a-3623e5f0a4d7 - - - - -] transport_url : rabbit://guest:XXX@10.10.10.1:5672,guest:XXX@10.10.10.2:5672,guest:XXX@10.10.10.3:5672
In a production environment, this is pretty bad.
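A check for logs that were already written with DEBUG on, as an added example that is not part of the bug report or of the Cinder fix: it scans log lines for clear-text `user:password@host` entries in comma-separated multi-host URLs like the `transport_url` above, and redacts them. The sample lines, the password `s3cret` and all function names are constructed for illustration.

```python
import re

# One "user:password@host" entry; entries follow "://" or, in multi-host
# URLs such as transport_url, a comma. Assumes reserved characters in the
# password are percent-encoded, as a URL requires.
_CRED = re.compile(
    r"(?P<prefix>://|,)(?P<user>[^:@/,\s]+):(?P<password>[^@/,\s]+)"
    r"@(?P<host>[^,/\s]+)"
)
MASK = "****"
ALREADY_MASKED = {MASK, "XXX"}  # placeholders that are not real secrets


def redact(line):
    """Return line with the password of every URL entry replaced by MASK."""
    return _CRED.sub(
        lambda m: f"{m['prefix']}{m['user']}:{MASK}@{m['host']}", line
    )


def find_leaks(lines):
    """Return (line_number, user, host) per clear-text password found.

    The password itself is never put in the report.
    """
    leaks = []
    for number, line in enumerate(lines, start=1):
        for m in _CRED.finditer(line):
            if m["password"] not in ALREADY_MASKED:
                leaks.append((number, m["user"], m["host"]))
    return leaks


# Constructed sample lines in the shape of the report's log entry;
# "s3cret" is a made-up password.
SAMPLE_LOG = [
    "2018-02-05 19:21:52.700 35 DEBUG cinder.service [-] debug : True",
    "2018-02-05 19:21:52.721 35 DEBUG cinder.service [-] transport_url : "
    "rabbit://guest:s3cret@10.10.10.1:5672,guest:s3cret@10.10.10.2:5672",
    "2018-02-05 19:21:52.722 35 DEBUG cinder.service [-] transport_url : "
    "rabbit://guest:****@10.10.10.1:5672",
]

if __name__ == "__main__":
    for number, user, host in find_leaks(SAMPLE_LOG):
        print(f"line {number}: clear-text password for {user}@{host}")
    print(redact(SAMPLE_LOG[1]))
```

Any credential this reports has been exposed to everyone who can read the log file, so it should be rotated, not only redacted.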