Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D28C51114C for ; Mon, 21 Apr 2014 08:38:20 +0000 (UTC) Received: (qmail 81429 invoked by uid 500); 21 Apr 2014 08:38:20 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 80595 invoked by uid 500); 21 Apr 2014 08:38:18 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 80557 invoked by uid 500); 21 Apr 2014 08:38:16 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 80541 invoked by uid 99); 21 Apr 2014 08:38:16 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Apr 2014 08:38:16 +0000 Date: Mon, 21 Apr 2014 08:38:15 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-6287) While adding Secondary storage as SMB/CIFS in CS 4.3 Domain controller password appears in plan text in key/pair value. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-6287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13975482#comment-13975482 ] ASF subversion and git services commented on CLOUDSTACK-6287: ------------------------------------------------------------- Commit 57f3e21317ee77befcb7af7d2c6cf5f1c0eacffa in cloudstack's branch refs/heads/master from [~anshulg] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=57f3e21 ] CLOUDSTACK-6287, CLOUDSTACK-6315 : fixed password visible in plain text in some hyperv request params/json response > While adding Secondary storage as SMB/CIFS in CS 4.3 Domain controller password appears in plan text in key/pair value. > ----------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-6287 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6287 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Hypervisor Controller, Storage Controller > Affects Versions: 4.3.0 > Environment: CentOS 6.3 x64-64, Hyperv hypervisor > Reporter: Tejas > Assignee: Anshul Gangwar > Priority: Critical > Labels: security > > While adding Secondary storage as SMB/CIFS in CS 4.3 Domain controller password appears in plan text in key/pair value. > Logs are as below, > 2014-03-27 09:49:47,611 INFO [o.a.c.s.d.l.CloudStackImageStoreLifeCycleImpl] (catalina-exec-12:ctx-bd85f47b ctx-df8f3444) Trying to add a new data store at cifs://10.129.151.61/Secondary to data center 1 > 2014-03-27 09:49:47,977 DEBUG [c.c.a.ApiServlet] (catalina-exec-12:ctx-bd85f47b ctx-df8f3444) ===END=== 10.129.150.62 -- GET command=addImageStore&response=json&sessionkey=pjC%2B%2FjnddbFmQI7MtdDgo%2Bf5JmQ%3D&name=Secondary&provider=SMB&zoneid=5e5a7fee-9e4e-47df-86fa-c19da8240e84&url=cifs%3A%2F%2F10.129.151.61%2FSecondary&details%5B0%5D.key=user&details%5B0%5D.value=administrator&details%5B1%5D.key=password&details%5B1%5D.value=C1sco123&details%5B2%5D.key=domain&details%5B2%5D.value=nw.com&_=1395893875835 -- This message was sent by Atlassian JIRA (v6.2#6252)