Bug 1651426 - v2v - OSP admin password exposed in virt-v2v-wrapper logs
Summary: v2v - OSP admin password exposed in virt-v2v-wrapper logs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: libguestfs
Version: 4.2.7
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ovirt-4.3.0
: ---
Assignee: Tomáš Golembiovský
QA Contact: Yadnyawalk Tale
URL:
Whiteboard: v2v
: 1650244 (view as bug list)
Depends On: 1664310
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-20 03:35 UTC by Brett Thurber
Modified: 2019-04-15 18:01 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously when converting to OpenStack, failed conversions revealed passwords for accessing OpenStack in the wrapper log. This issue has been fixed and passwords are no longer revealed.
Clone Of:
Environment:
Last Closed: 2019-04-15 18:01:32 UTC
oVirt Team: Virt
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Brett Thurber 2018-11-20 03:35:55 UTC 
Description of problem:
When migrating from VMware to OSP using the IMS tooling and virt-v2v-wrapper from this package:  ovirt-ansible-v2v-conversion-host-1.7.0-2.el7ev.noarch.rpm the OSP admin password is exposed in clear text.  It is also present in the virt-v2v.log


Version-Release number of selected component (if applicable):
ovirt-ansible-v2v-conversion-host-1.7.0-2.el7ev.noarch.rpm


How reproducible:
Everytime

Steps to Reproduce:
1.  Using IMS tooling, initiate a VM migration from VMware to OSP
2.
3.

Actual results:
Admin password exposed

Expected results:
Admin password hashed

Additional info:
Comment 3 Yadnyawalk Tale 2018-12-27 11:27:24 UTC 
Still reproducible with conversion appliance https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=815918.
Tested with 5.10.0.30.20181218191323_900a416.
Comment 10 Tomáš Golembiovský 2019-01-08 12:16:58 UTC 
*** Bug 1650244 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.