git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [Bug 1858186] [NEW] http_log_request will print debug info include pki certificate which is unsafety


Public bug reported:

when i use pki token,i find nova debug log include the whole pki
certificate info,is this safety?need to modify?

my request is
curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked

debug.log such as:
RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfs0QO\n-----END CMS-----\n"}

** Affects: keystoneauth
     Importance: Undecided
         Status: New


** Tags: security

-- 
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1858186

Title:
  http_log_request will print debug info include pki certificate which
  is unsafety

Status in keystoneauth:
  New

Bug description:
  when i use pki token,i find nova debug log include the whole pki
  certificate info,is this safety?need to modify?

  my request is
  curl -g -i -X GET https://identity.az1.dc1.domainname.com:443/identity-admin/v3/auth/tokens/OS-PKI/revoked

  debug.log such as:
  RESP BODY: {"signed": "-----BEGIN CMS-----\nMIIBuwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxfs0QO\n-----END CMS-----\n"}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystoneauth/+bug/1858186/+subscriptions