Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1664310

Summary: [RHEL 7.6 LP] openstack output leaks passwords
Product: Red Hat Enterprise Linux 7 Reporter: Tomáš Golembiovský <tgolembi>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.6CC: juzhou, mxie, mzhan, ptoscano, tzheng, xiaodwan, zili
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: V2V
Fixed In Version: libguestfs-1.38.2-12.28.lp.el7_6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-17 11:07:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1651426    

Description Tomáš Golembiovský 2019-01-08 12:09:32 UTC 
When password arguments are passed with --os-* option to -o openstack (e.g. --os-password=somesecret), such arguments are then presented in virt-v2v debug output in clear text.

Passwords should not be disclosed this way and should be masked in virt-v2v output.
Comment 2 Richard W.M. Jones 2019-01-08 13:48:19 UTC 
Note this is only in the LP branch, so the bug may only affect layered products, not actual RHEL.
However it is a security issue.
Comment 3 Richard W.M. Jones 2019-01-08 14:21:05 UTC 
Patch posted:
https://www.redhat.com/archives/libguestfs/2019-January/msg00086.html
Comment 4 Richard W.M. Jones 2019-01-08 14:57:05 UTC 
Final patch upstream in:
https://github.com/libguestfs/libguestfs/commit/fc028bf57a3ff128d21b904583f9ea02f672ed5b
Comment 5 Richard W.M. Jones 2019-01-08 15:38:09 UTC 
This is fixed in the libguestfs-1.38.2-12.28.lp.el7_6 package.  There's a scratch build here:

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=19702636
Comment 6 liuzi 2019-10-17 11:07:01 UTC 
Verify bug with builds:
virt-v2v-1.40.2-8.el7.x86_64
libguestfs-1.40.2-8.el7.x86_64
nbdkit-1.8.0-2.el7.x86_64

Steps:
1.Use virt-v2v to convert a guest to openstack and use option --os-password 
#virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io  vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -n default esx6.7-rhel7.7-x86_64 --password-file /tmp/passwd -o openstack -oo server-id=rhel7.6-v2v-conversion-server -oo os-username=admin -oo os-password=redhat -v -x |& tee >op.log

2.Check if the passwords disclosed in the log
# cat op.log |grep openstack
openstack [...] token issue
[ 181.3] Initializing the target -o openstack
openstack [...] volume create -f json --size 7 --description virt-v2v temporary volume for esx6.7-rhel7.7-x86_64 --non-bootable --read-write esx6.7-rhel7.7-x86_64-sda
openstack: JSON parsed as: {
openstack [...] volume show -f json d37127be-f085-4d3d-ada8-8415cdc1f2c5
openstack: JSON parsed as: {
openstack [...] server add volume rhel7.6-v2v-conversion-server d37127be-f085-4d3d-ada8-8415cdc1f2c5
openstack [...] server remove volume rhel7.6-v2v-conversion-server d37127be-f085-4d3d-ada8-8415cdc1f2c5
openstack [...] volume delete d37127be-f085-4d3d-ada8-8415cdc1f2c5


Result:
The virt-v2v will not disclose the password when convert a guest to openstack.