Bug 1486926 - application traffic is unencrypted for the hypervisor hosts
Summary: application traffic is unencrypted for the hypervisor hosts
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: rhv-security
Version: 4.1.5
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: ---
Assignee: Kurt Seifried
QA Contact: Pavel Stehlik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-08-30 19:27 UTC by Christine Lee
Modified: 2021-05-01 16:50 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-03 09:21:16 UTC
oVirt Team: Virt
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Christine Lee 2017-08-30 19:27:45 UTC
Description of problem:
Transport Layer Security (SSL/TLS) is not being used to protect sensitive data communications (e.g. UserID/password, SQL, etc) between the application and end-clients. Impact The primary benefit of TLS is the protection of web application data from unauthorized disclosure. It should be noted that TLS only provides protection to data during transmission. Therefore, appropriate security controls must be added to protect data while at rest within the application or within data stores.
 
[root]# cat /etc/libvirt/libvirtd.conf|gre
#listen_tls = 0
#tls_port = "16514"
#auth_tls = "none"
#tls_no_sanity_certificate = 1
#tls_no_verify_certificate = 1
#tls_allowed_dn_list = ["DN1", "DN2"]
#tls_priority="NORMAL"

Remediation Recommendations 
1. Enable TLS for all login pages and all subsequent authenticated pages. Failure to utilize TLS for authenticated pages after the login enables an attacker to view the unencrypted session ID and compromise the user's authenticated session. 

2. Ensure SSLv2, SSLv3, TLSv1.0, TLSv1.1 are completely disabled and only allow TLSv1.2 and above with approved cipher suites. Unapproved cipher suites (e.g. ciphers below 128-bit, 3DES, RC4, MD5, DHE, ADH, NULL & EXPORT ciphers) should be disabled in TLS. Refer to Data Protection TSR, section 3.5.1, for more details. 

3. When cookies are used on TLS pages, all cookies should be set to secure. This signals the browser to expect sensitive information, which should never be sent over non-SSL channels.

Version-Release number of selected component (if applicable): 4.1.3


How reproducible: It is reproducible


Steps to Reproduce:
# cat /etc/libvirt/libvirtd.conf|grep tls


Expected results:
TLS should be listening, and that will be reflected in the config file.


Additional info:

Comment 1 Michal Skrivanek 2017-08-31 04:59:00 UTC
The output looks like from unconfigured host. Please clarify if the host has been added to a RHV environment

Comment 2 Christine Lee 2017-09-11 18:12:00 UTC
Hi Michal,

Yes, the host has been added to the RHV environment, per customer.
Customer states that his security team's concern is that libvirt daemon is not using encryption.

Thanks,
Christine

Comment 3 Michal Skrivanek 2017-09-12 04:50:03 UTC
well, not sure what the customer is doing, but the output is clearly from an unconfigured host. That host is apparently not added into a RHV system yet.
Please provide further clarification

Comment 4 Tomas Jelinek 2017-09-20 07:41:37 UTC
ping

Comment 5 Tomas Jelinek 2017-10-03 12:37:16 UTC
any news?

Comment 6 Christine Lee 2017-10-05 20:59:09 UTC
Hi Tomas, 

Customer has uploaded the sosreport (case log #24).  What exactly do you need to see?

Christine

Comment 7 Frank DeLorey 2017-10-05 21:09:59 UTC
Hi Michal,
          I was just looking at the case for Christine. What leads you to believe that the host is unconfigured? Is it the entries from libvirtd.conf?

Regards,,

Frank

Comment 8 Michal Skrivanek 2017-10-05 22:30:53 UTC
Yes. How does it look then?

Comment 9 Christine Lee 2017-10-05 23:09:18 UTC
(In reply to Michal Skrivanek from comment #8)
> Yes. How does it look then?

Could you be specific and let me know what you're looking for?  Thanks!

Comment 10 Tomas Jelinek 2017-10-11 15:05:28 UTC
I have just reviewed the libvirtd.conf from the attached sos report and the tls is enabled there (e.g. all the options mentioned in comment 1 are commented out meaning it falls back to the default libvirt configuration which has the tls enabled)

It contains, for example, this:
# This is enabled by default, uncomment this to disable it
#listen_tls = 0

so, not sure, what are you missing?

Comment 11 Tomas Jelinek 2017-10-23 13:47:02 UTC
Christine?


Note You need to log in before you can comment on or make changes to this bug.