cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-6315) Password visible in plan text during volume migration.
Date Mon, 21 Apr 2014 08:38:16 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-6315?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13975483#comment-13975483
] 

ASF subversion and git services commented on CLOUDSTACK-6315:
-------------------------------------------------------------

Commit 57f3e21317ee77befcb7af7d2c6cf5f1c0eacffa in cloudstack's branch refs/heads/master from
[~anshulg]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=57f3e21 ]

CLOUDSTACK-6287, CLOUDSTACK-6315 : fixed password visible in plain text in some hyperv request
params/json response


> Password visible in plan text during volume migration.
> ------------------------------------------------------
>
>                 Key: CLOUDSTACK-6315
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6315
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Hypervisor Controller, Storage Controller
>    Affects Versions: 4.3.0
>         Environment: Management server CentOS 6.3 x86_64, with Hyperv hypervisor 
>            Reporter: Tejas
>            Assignee: Anshul Gangwar
>              Labels: security
>
> During volume Migration form one Primary Storage to another, password was visible in
plan text.
> 2014-03-28 17:53:39,059 DEBUG [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-216:ctx-89b9eb84)
POST response is [{"org.apache.cloudstack.storage.command.CopyCmdAnswer":{"result":true,"details":null,"newData":{"org.apache.cloudstack.storage.to.VolumeObjectTO":{"dataStore":{"org.apache.cloudstack.storage.to.PrimaryDataStoreTO":{"uuid":"7890d244-e307-320e-ac42-f90e925b32b8","id":5,"poolType":"SMB","host":"10.129.150.24","path":"/vol_cifs?user=administrator&domain=nw.com","port":445,"url":"SMB://10.129.150.24//vol_cifs?user=administrator&domain=nw.com/?ROLE=Primary&STOREUUID=7890d244-e307-320e-ac42-f90e925b32b8"}},"format":"VHD","name":"ROOT-7","path":"\\10.129.150.24\vol_cifs\ROOT-7.vhd","uuid":"ca572e34-ffa6-4cce-bb24-44c989b4156e","size":10737418240,"primaryDataStore":{"host":"10.129.150.24","uri":"cifs://10.129.150.24/vol_cifs?user=administrator&domain=nw.com","_role":null,"Path":"\\10.129.150.24/vol_cifs","UncPath":"\\10.129.150.24/vol_cifs","User":"administrator","Password":"C1sco123","Domain":"nw.com","isLocal":false},"nfsDataStore":null,"FullFileName":"\\10.129.150.24\vol_cifs\ROOT-7.vhd"}},"contextMap":{}}}]
> 2014-03-28 17:53:39,060 DEBUG [c.c.h.h.r.HypervDirectConnectResource] (DirectAgent-216:ctx-89b9eb84)
executeRequest received response [Lcom.cloud.agent.api.Answer;@31c91ca



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message