When Keystone is in DEBUG mode, passwords are printed in clear text in keystone.log

Bug #1050288 reported by Nir Magnezi
This bug report is a duplicate of: Bug #1004114: Password logging.
This bug affects 2 people
Affects: OpenStack Identity (keystone)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

Scenario:
=========

1. Set Keystone to DEBUG Mode:
   a. Change: debug = True in /etc/keystone/keystone.conf
   b. Restart keystone: service openstack-keystone restart
2. tail -f /var/log/keystone/keystone.log | grep password
3. Log in to OpenStack via the Dashboard.

Result:
=======

1. You'll see the password in clear text:
2012-09-13 11:48:33 DEBUG [keystone.common.wsgi]
2012-09-13 11:48:33 DEBUG [keystone.common.wsgi] ******************** REQUEST BODY ********************
2012-09-13 11:48:33 DEBUG [keystone.common.wsgi] {"auth": {"passwordCredentials": {"username": "admin", "password": "secret"}}}
2012-09-13 11:48:33 DEBUG [keystone.common.wsgi]

(Reproduced several times; 100% reproducible)
Attached logs:
compute.log

Tags: security
Thierry Carrez (ttx) wrote :

Looks like Keystone should borrow Nova's log scrubbing feature.

Changed in keystone:
importance: Undecided → Medium
status: New → Confirmed
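Thierry's suggestion above is to scrub request bodies before they reach the log. As an added example (not Keystone's or Nova's own code; the sensitive-key list and the keystone.log line layout are assumptions taken from this report), a scrubber that masks password-like values in a JSON request body, falls back to a regex for bodies that are not valid JSON, and can also clean lines already written to keystone.log:

```python
import json
import re

# Assumed list of keys whose values must never be logged.
SENSITIVE_KEYS = {"password", "token", "secret"}
MASK = "***"


def scrub(obj):
    """Recursively mask values of sensitive keys in a decoded JSON body.
    Keys that merely contain a sensitive word (e.g. passwordCredentials)
    are descended into, not masked, so the structure stays readable."""
    if isinstance(obj, dict):
        return {k: (MASK if k.lower() in SENSITIVE_KEYS else scrub(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub(v) for v in obj]
    return obj


# Fallback for truncated JSON or form-encoded text: mask the value that
# follows a sensitive key, quoted or bare.
_TEXT_RE = re.compile(
    r'("?(?:password|token|secret)"?\s*[:=]\s*)("[^"]*"|[^,&\s}]+)',
    re.IGNORECASE)


def _mask_match(m):
    quoted = m.group(2).startswith('"')
    return m.group(1) + ('"%s"' % MASK if quoted else MASK)


def scrub_body(body: str) -> str:
    """Return a copy of a request body safe to write at DEBUG level."""
    try:
        return json.dumps(scrub(json.loads(body)), sort_keys=True)
    except ValueError:  # not JSON: best-effort textual masking
        return _TEXT_RE.sub(_mask_match, body)


def scrub_log_line(line: str) -> str:
    """Clean a line already in keystone.log, e.g. the REQUEST BODY lines
    quoted in this report: keep the '<date> DEBUG [logger] ' prefix (an
    assumed layout) and scrub whatever follows it."""
    prefix, sep, body = line.partition("] ")
    if not sep:
        return scrub_body(line)
    return prefix + sep + scrub_body(body)
```

For new log writes, call scrub_body() on the request body before it is handed to the logger; for logs already written, run scrub_log_line() over each line.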
Thierry Carrez (ttx) wrote :

Adding keystone-core

Dolph Mathews (dolph) wrote :

I'd suggest marking this as public (and/or dupe), as this is already documented pretty clearly in the default etc/keystone.conf.sample as a result of bug 1004114:

    # Print more verbose output
    # (includes plaintext request logging, potentially including passwords)
    # debug = False

See: https://github.com/openstack/keystone/commit/0abf6ba2

Thierry Carrez (ttx) wrote :

Agreed, it's more a welcome strengthening than a vulnerability.
Russell: agree to open ?

tags: added: security
Steve Beattie (sbeattie) wrote : Re: [Bug 1050288] Re: When Keystone is in DEBUG mode, passwords are printed in clear text in keystone.log

On Thu, Sep 13, 2012 at 02:41:14PM -0000, Thierry Carrez wrote:
> Agreed, it's more a welcome strengthening than a vulnerability.
> Russell: agree to open ?

I'm not Russell, but I'd agree with that.

--
Steve Beattie
<email address hidden>
http://NxNW.org/~steve/

Gabriel Hurley (gabriel-hurley) wrote :

I would also agree this doesn't warrant being a private security vulnerability. There's no exploit here, only an unfortunate oversight in a setting that's absolutely NOT recommended for deployment to begin with.

This sounds like a great candidate for a feature to be pulled into openstack-common so all the projects can use it!

Joseph Heck (heckj)
security vulnerability: yes → no
visibility: private → public