[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1666959] Re: ha_vrrp_auth_type defaults to PASS which is insecure

** Changed in: neutron
       Status: New => Won't Fix

You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.

  ha_vrrp_auth_type defaults to PASS which is insecure

Status in neutron:
  Won't Fix
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  With l3_ha enabled, ha_vrrp_auth_type defaults to PASS authentication:


  which according to http://louwrentius.com/configuring-attacking-and-
  securing-vrrp-on-linux.html is totally insecure because the VRRP
  password is transmitted in the clear.

  I'm not sure if this is currently a serious issue, since if the VRRP
  network is untrusted, maybe there are already bigger problems.  But I
  thought it was worth reporting, at least.

To manage notifications about this bug go to: