A vulnerability in openstack-tripleo-heat-templates was found, which regardless of supplied values for credentials uses hardcoded rabbitmq credentails to guest/guest account. In the documentation users are strongly encouraged to change the default values for credentials, however changing these values using our instructions does not correctly set the values in the rabbitmq config.
Acknowledgements: Red Hat would like to thank Kota Akatsuka of NEC for reporting this issue.
Created openstack-tripleo-heat-templates tracking bugs for this issue: Affects: fedora-all [bug 1291493]
This issue has been addressed in the following products: OpenStack 7.0 Director/Manager for RHEL 7 Via RHSA-2015:2650 https://access.redhat.com/errata/RHSA-2015:2650