octavia

Hardcoded default credentials for anchor

Bug #1548555 reported by Grant Murphy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
octavia
Fix Released
High
min wang

Bug Description

The controller hard codes a default password for anchor. From a security perspective this should be avoided.

https://github.com/openstack/octavia/blob/master/octavia/common/config.py#L314

Michael Johnson (johnsom)
Changed in octavia:
importance: Undecided → High
Revision history for this message
min wang (swiftwangster) wrote :

https://review.openstack.org/#/c/299623/

Changed in octavia:
assignee: nobody → min wang (swiftwangster)
OpenStack Infra (hudson-openstack)
Changed in octavia:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to octavia (master)

Reviewed: https://review.openstack.org/299623
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=c358e1b99b3809e97bda6b457996a8dbf6db81b2
Submitter: Jenkins
Branch: master

commit c358e1b99b3809e97bda6b457996a8dbf6db81b2
Author: minwang <email address hidden>
Date: Wed Mar 30 13:51:52 2016 -0700

    Remove the default anchor usrename and password value

    Remove anchor's default value for username and password
    for the sake of a security perspective.

    Closes-Bug: #1548555

    Change-Id: I14f1b84f5161308fc23ef3776a796636ba61154d

Changed in octavia:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/octavia 0.9.0

This issue was fixed in the openstack/octavia 0.9.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.