[Bug 2085607] [NEW] Obfuscation issues in sosreport sos 4.7.2
Launchpad Bug Tracker
2085607 at bugs.launchpad.net
Sun Nov 17 15:29:42 UTC 2024
You have been subscribed to a public bug by Arif Ali (arif-ali):
[ Impact ]
When doing SRU for sos 4.7.2 we encountered obfuscation issues, although
not a regression at the time, it was still an issue that had been
present for a while
So, these passwords would be fully visible to the end support personnel
and therefore leaked passwords.
[ Test Plan ]
1. Deploy a sunbeam simple cloud, and run the sos report, check to see if passwords are obfuscated in configuration file
2. Deploy heat, and ensure auth_encryption_key is obfuscated in configuration file
3. Deploy placement, and ensure that both NOVA_API_PASS and PLACEMENT_PASS are obfuscated in configuration file
4. Deploy mysql and ensure password field is obfuscated in configuration file
5. On a jammy node, ensure that the msr module doesn't load when sos report is run.
[ Where problems could occur ]
The corresponding files are not obfuscated, and we need to update the
patches
** Affects: sosreport (Ubuntu Focal)
Importance: High
Assignee: Arif Ali (arif-ali)
Status: In Progress
** Affects: sosreport (Ubuntu Jammy)
Importance: High
Assignee: Arif Ali (arif-ali)
Status: In Progress
** Affects: sosreport (Ubuntu Noble)
Importance: High
Assignee: Arif Ali (arif-ali)
Status: In Progress
** Affects: sosreport (Ubuntu Oracular)
Importance: High
Assignee: Arif Ali (arif-ali)
Status: In Progress
--
Obfuscation issues in sosreport sos 4.7.2
https://bugs.launchpad.net/bugs/2085607
You received this bug notification because you are a member of Ubuntu Sponsors, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list