Bug 2004625 - BMC credentials could be logged if they change
Summary: BMC credentials could be logged if they change
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Bare Metal Hardware Provisioning
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.10.0
Assignee: Zane Bitter
QA Contact: Lubov
Depends On:
Blocks: 2009849
TreeView+ depends on / blocked
Reported: 2021-09-15 16:59 UTC by Zane Bitter
Modified: 2022-03-10 16:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2009849 (view as bug list)
Last Closed: 2022-03-10 16:10:53 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github metal3-io baremetal-operator issues 980 0 None open BMC passwords can sometimes be logged 2021-09-15 16:59:38 UTC
Github openshift baremetal-operator pull 180 0 None open Merge upstream 2021-10-01 2021-10-01 18:46:38 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:11:36 UTC

Description Zane Bitter 2021-09-15 16:59:38 UTC
Beginning with 4.9, if the user changes the credentials for a BaremetalHost (by editing or changing the Secret that contains them), the baremetal operator may log the new credentials in the process of updating them in Ironic.

This is a very rare event as users don't generally change the BMC credentials, but it should be avoided.

Comment 2 Lubov 2021-10-14 18:07:29 UTC
verified on 4.10.0-0.nightly-2021-10-10-083341: no mention of the password after changed in secret

Comment 5 errata-xmlrpc 2022-03-10 16:10:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.