Bug 1486926

Summary: application traffic is unencrypted for the hypervisor hosts
Product: Red Hat Enterprise Virtualization Manager Reporter: Christine Lee <chrlee>
Component: rhv-securityAssignee: Kurt Seifried <kseifried>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.1.5CC: chrlee, fdelorey, mavital, michal.skrivanek, tjelinek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-03 09:21:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christine Lee 2017-08-30 19:27:45 UTC
Description of problem:
Transport Layer Security (SSL/TLS) is not being used to protect sensitive data communications (e.g. UserID/password, SQL, etc) between the application and end-clients. Impact The primary benefit of TLS is the protection of web application data from unauthorized disclosure. It should be noted that TLS only provides protection to data during transmission. Therefore, appropriate security controls must be added to protect data while at rest within the application or within data stores.
 
[root]# cat /etc/libvirt/libvirtd.conf|gre
#listen_tls = 0
#tls_port = "16514"
#auth_tls = "none"
#tls_no_sanity_certificate = 1
#tls_no_verify_certificate = 1
#tls_allowed_dn_list = ["DN1", "DN2"]
#tls_priority="NORMAL"

Remediation Recommendations 
1. Enable TLS for all login pages and all subsequent authenticated pages. Failure to utilize TLS for authenticated pages after the login enables an attacker to view the unencrypted session ID and compromise the user's authenticated session. 

2. Ensure SSLv2, SSLv3, TLSv1.0, TLSv1.1 are completely disabled and only allow TLSv1.2 and above with approved cipher suites. Unapproved cipher suites (e.g. ciphers below 128-bit, 3DES, RC4, MD5, DHE, ADH, NULL & EXPORT ciphers) should be disabled in TLS. Refer to Data Protection TSR, section 3.5.1, for more details. 

3. When cookies are used on TLS pages, all cookies should be set to secure. This signals the browser to expect sensitive information, which should never be sent over non-SSL channels.

Version-Release number of selected component (if applicable): 4.1.3


How reproducible: It is reproducible


Steps to Reproduce:
# cat /etc/libvirt/libvirtd.conf|grep tls


Expected results:
TLS should be listening, and that will be reflected in the config file.


Additional info:

Comment 1 Michal Skrivanek 2017-08-31 04:59:00 UTC
The output looks like from unconfigured host. Please clarify if the host has been added to a RHV environment

Comment 2 Christine Lee 2017-09-11 18:12:00 UTC
Hi Michal,

Yes, the host has been added to the RHV environment, per customer.
Customer states that his security team's concern is that libvirt daemon is not using encryption.

Thanks,
Christine

Comment 3 Michal Skrivanek 2017-09-12 04:50:03 UTC
well, not sure what the customer is doing, but the output is clearly from an unconfigured host. That host is apparently not added into a RHV system yet.
Please provide further clarification

Comment 4 Tomas Jelinek 2017-09-20 07:41:37 UTC
ping

Comment 5 Tomas Jelinek 2017-10-03 12:37:16 UTC
any news?

Comment 6 Christine Lee 2017-10-05 20:59:09 UTC
Hi Tomas, 

Customer has uploaded the sosreport (case log #24).  What exactly do you need to see?

Christine

Comment 7 Frank DeLorey 2017-10-05 21:09:59 UTC
Hi Michal,
          I was just looking at the case for Christine. What leads you to believe that the host is unconfigured? Is it the entries from libvirtd.conf?

Regards,,

Frank

Comment 8 Michal Skrivanek 2017-10-05 22:30:53 UTC
Yes. How does it look then?

Comment 9 Christine Lee 2017-10-05 23:09:18 UTC
(In reply to Michal Skrivanek from comment #8)
> Yes. How does it look then?

Could you be specific and let me know what you're looking for?  Thanks!

Comment 10 Tomas Jelinek 2017-10-11 15:05:28 UTC
I have just reviewed the libvirtd.conf from the attached sos report and the tls is enabled there (e.g. all the options mentioned in comment 1 are commented out meaning it falls back to the default libvirt configuration which has the tls enabled)

It contains, for example, this:
# This is enabled by default, uncomment this to disable it
#listen_tls = 0

so, not sure, what are you missing?

Comment 11 Tomas Jelinek 2017-10-23 13:47:02 UTC
Christine?