You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Wilder Rodrigues (JIRA)" <ji...@apache.org> on 2014/03/31 12:17:16 UTC

[jira] [Assigned] (CLOUDSTACK-6252) Host password is stored in the database in the clear

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wilder Rodrigues reassigned CLOUDSTACK-6252:
--------------------------------------------

    Assignee: Wilder Rodrigues

> Host password is stored in the database in the clear
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-6252
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: Future
>         Environment: Management Server running on Debian 7
> DevCloud running on XenServer 6.2
>            Reporter: Wilder Rodrigues
>            Assignee: Wilder Rodrigues
>
> Via the Management Server UI, when creating an advanced Zone and adding a host to it, the host password is stored in the database in the clear.
> All passwords should be encrypted before stored.
> Check details below:
> mysql> select * from host_details;
> +----+---------+----------------------------------------------------+----------------------------------------+
> | id | host_id | name                                               | value                                  |
> +----+---------+----------------------------------------------------+----------------------------------------+
> |  1 |       1 | product_version                                    | 6.2.0                                  | 
> |  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | DcGlobal                               | 
> |  3 |       1 | private.network.device                             | Pool-wide network associated with eth0 | 
> |  4 |       1 | Hypervisor.Version                                 | 4.1.5                                  | 
> |  5 |       1 | Host.OS                                            | XenServer                              | 
> |  6 |       1 | Host.OS.Kernel.Version                             | 2.6.32.43-0.4.1.xs1.8.0.835.170778xen  | 
> |  7 |       1 | wait                                               | 600                                    | 
> |  8 |       1 | password                                           | changeme                               | 
> |  9 |       1 | url                                                | 10.1.1.203                             | 
> | 10 |       1 | username                                           | root                                   | 
> | 11 |       1 | xs620_snapshot_hotfix                              | false                                  | 
> | 12 |       1 | product_brand                                      | XenServer                              | 
> | 13 |       1 | product_version_text_short                         | 6.2                                    | 
> | 14 |       1 | Host.OS.Version                                    | 6.2.0                                  | 
> | 15 |       1 | instance.name                                      | VM                                     | 
> +----+---------+----------------------------------------------------+----------------------------------------+



--
This message was sent by Atlassian JIRA
(v6.2#6252)