You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Parth Jagirdar (JIRA)" <ji...@apache.org> on 2013/07/01 20:08:21 UTC

[jira] [Created] (CLOUDSTACK-3308) UCS:DB: UCS Manager password should not get stored in plain text.

Parth Jagirdar created CLOUDSTACK-3308:
------------------------------------------

             Summary: UCS:DB: UCS Manager password should not get stored in plain text.
                 Key: CLOUDSTACK-3308
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3308
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: UCS
    Affects Versions: 4.2.0
         Environment: Master with UCS and Basic Baremetal
            Reporter: Parth Jagirdar
            Priority: Critical


Observe the table below.

UCS manager password gets stored in plain text.


mysql> select * from ucs_manager;
+----+--------------------------------------+---------+------------+--------------+----------+----------------+
| id | uuid                                 | zone_id | name       | url          | username | password       |
+----+--------------------------------------+---------+------------+--------------+----------+----------------+
|  1 | ec179fa5-a38c-4df0-a688-b89c29764b1d |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  2 | c14c6917-274b-47f1-b2f8-e7af767fe5c6 |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  3 | 10e7ef23-f9b9-49f4-aac5-8508eb882a52 |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  4 | be42a44f-4ae6-41ba-9e13-76a7707dcf5e |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  5 | b464511b-e961-4b65-9c9c-9cf5974f5cd1 |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  6 | dd669374-27f8-49d3-9425-498af6bbc16e |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  7 | 7e902e15-e634-41a9-9bed-d6134bb7a377 |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
|  8 | 1d6775c8-270a-461c-9b28-7b1b2acbbd5e |       2 | ucsmanager | 10.223.184.2 | aa       | C1tr1x99       |
|  9 | 4da9accc-eb7c-42fb-a23c-3c45716db1f5 |       2 | ucsmanager | 10.223.184.2 | admin    | C1tr1x99       |
| 10 | 55023c65-4470-4ee7-b264-f19cd4065c75 |       2 | ucsmanager | 10.223.184.2 | admin    | wrong-password |
+----+--------------------------------------+---------+------------+--------------+----------+----------------+
10 rows in set (0.00 sec)


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira