Posted to commits@cloudstack.apache.org by "Tbaugus44 (via GitHub)" <gi...@apache.org> on 2024/01/17 14:46:42 UTC

[I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Tbaugus44 opened a new issue, #8526:
URL: https://github.com/apache/cloudstack/issues/8526

   <!--
   Verify first that your issue/request is not already reported on GitHub.
   Also test if the latest release and main branch are affected too.
   Always add information AFTER of these HTML comments, but no need to delete the comments.
   -->
   
   ##### ISSUE TYPE
   <!-- Pick one below and delete the rest -->
    * Bug Report
   
   
   ##### COMPONENT NAME
   <!--
   Categorize the issue, e.g. API, VR, VPN, UI, etc.
   -->
   ~~~
   Log Files
   ~~~
   
   ##### CLOUDSTACK VERSION
   <!--
   New line separated list of affected versions, commit ID for issues on main branch.
   -->
   
   ~~~
   4.18.1
   ~~~
   
   ##### CONFIGURATION
   <!--
   Information about the configuration if relevant, e.g. basic network, advanced networking, etc.  N/A otherwise
   -->
   
   
   ##### OS / ENVIRONMENT
   <!--
   Information about the environment if relevant, N/A otherwise
   -->
   OS= Ubuntu 22.04, KVM, OOBM HPE ILO for HA enabled hosts 
   
   ##### SUMMARY
   <!-- Explain the problem/feature briefly -->
   We set up HA for our host and the OOBM IPMI user's password is displayed in plain text when you tail or open the /var/log/cloudstack/management/management-server.log
   
   ##### STEPS TO REPRODUCE
   <!--
   For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
   
   For new features, show how the feature would be used.
   -->
   
   <!-- Paste example playbooks or commands between quotes below -->
   ~~~
   
   ![image](https://github.com/apache/cloudstack/assets/148808916/498e073c-f3f6-474d-86b5-39e8404a449a)
   
   we changed the IP address and password for security purposes.
   also, the IPMI user needs to be a full admin with privilege to change user accounts. is that expected?
   ~~~
   
   <!-- You can also paste gist.github.com links for larger files -->
   
   ##### EXPECTED RESULTS
   <!-- What did you expect to happen when running the steps above? -->
   
   ~~~
   for the password to be encrypted in the log files 
   also, the IPMI user needs to be a full admin with privilege to change user accounts. is that expected?
   ~~~
   
   ##### ACTUAL RESULTS
   <!-- What actually happened? -->
   
   <!-- Paste verbatim command output between quotes below -->
   ~~~
   The password is visible in plain text
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "happyalexkg (via GitHub)" <gi...@apache.org>.
happyalexkg commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1898076293

   Good Day
   this log:
   access.log:ip - - [25/Dec/2023:04:34:18 +0000] "GET /client/api/?username=Admin&password=password&address=ip_ipmi&port=623&driver=ipmitool&hostid=831942b3-21ce-4c37-8dd3-e143307e3550&command=configureOutOfBandManagement&response=json HTTP/1.0" 200 298 "https://cloud/client/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 61
   
   also in management.log
   2023-12-25 10:34:53,061 DEBUG [o.a.c.u.p.ProcessRunner] (pool-1-thread-1:null) (logid:c0e97e5e) Preparing command [/usr/bin/ipmitool -I lanplus -R 1 -v -H ip_ipmi -p 623 -U Admin -P password chassis power status] to execute.


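For operators who need to scrub logs that are already on disk, a redaction filter for the two exposure patterns shown in the comment above (the `password=` query parameter in the access log and the `-P` argument of the logged ipmitool command). This is an added example, not code from the thread or from CloudStack; the sample lines, the 192.0.2.10 address and the secret value are constructed.

```python
import re

MASK = "*****"
# The management-server log prints the full ipmitool argv; mask the token after -P.
# Case-sensitive on purpose: lowercase -p is the port and must stay readable.
IPMI_P = re.compile(r"(/ipmitool\b[^\]\n]*?\s-P\s+)([^\s\]]+)")
# API calls sent as GET carry credentials in the query string of the access log.
QUERY_PW = re.compile(r"([?&]password=)([^&\s\"]+)", re.IGNORECASE)

def redact_line(line):
    """Return (redacted_line, kinds); kinds names each pattern that matched."""
    kinds = []
    line, n = QUERY_PW.subn(lambda m: m.group(1) + MASK, line)
    if n:
        kinds.append("password= query parameter")
    line, n = IPMI_P.subn(lambda m: m.group(1) + MASK, line)
    if n:
        kinds.append("ipmitool -P")
    return line, kinds

def scrub(lines):
    """Redact every line; return (clean_lines, findings) with 1-based line numbers."""
    clean, findings = [], []
    for number, line in enumerate(lines, 1):
        redacted, kinds = redact_line(line)
        clean.append(redacted)
        findings.extend((number, kind) for kind in kinds)
    return clean, findings

# Constructed sample input modelled on the two excerpts in the comment above.
SAMPLE = [
    '192.0.2.1 - - [25/Dec/2023:04:34:18 +0000] "GET /client/api/?username=Admin'
    '&password=S3cr3t-constructed&address=192.0.2.10&port=623&driver=ipmitool'
    '&command=configureOutOfBandManagement&response=json HTTP/1.0" 200 298',
    "2023-12-25 10:34:53,061 DEBUG [o.a.c.u.p.ProcessRunner] Preparing command "
    "[/usr/bin/ipmitool -I lanplus -R 1 -v -H 192.0.2.10 -p 623 -U Admin "
    "-P S3cr3t-constructed chassis power status] to execute.",
    "2023-12-25 10:35:00,000 INFO [constructed] health check on port -p 623 ok",
]

if __name__ == "__main__":
    clean, findings = scrub(SAMPLE)
    for number, kind in findings:
        print(f"line {number}: exposed secret ({kind})")
    print("\n".join(clean))
```

Redaction only cleans files at rest; a password that has already been written to a log should also be rotated on the BMC.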


Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "Tbaugus44 (via GitHub)" <gi...@apache.org>.
Tbaugus44 commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1941676163

   @DaanHoogland is there any update to this bug? 




Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1943423355

   @Tbaugus44 we have to first have a PR to be able to say it will be fixed in a version. for now the operator has to take care of things and yes, your solution seems feasible for now.




Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1941851528

   > @DaanHoogland is there any update to this bug?
   
   no, nothing happened :| 




Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "DaanHoogland (via GitHub)" <gi...@apache.org>.
DaanHoogland commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1898056022

   @Tbaugus44 , can you add an example log? that will make it easier for anybody picking this up to find the source of the issue. thanks.




Re: [I] Password for IPMI user showing up in plain text in the log files [cloudstack]

Posted by "Tbaugus44 (via GitHub)" <gi...@apache.org>.
Tbaugus44 commented on issue #8526:
URL: https://github.com/apache/cloudstack/issues/8526#issuecomment-1942118308

   @DaanHoogland so does this mean we have to wait for a 4.19.1 release for this issue to be fixed? or what are some next steps? I know we could encrypt the logs and have other third-party software do that for us. is that the best solution for the time being?

