Hayato Shimizu created CASSANDRA-20856:
------------------------------------------
Summary: system_views.settings exposes encryption and TDE passwords in plaintext over CQL
Key: CASSANDRA-20856
URL: https://issues.apache.org/jira/browse/CASSANDRA-20856
Project: Apache Cassandra
Issue Type: Bug
Components: Feature/Virtual Tables
Reporter: Hayato Shimizu
Selecting from the virtual table {{system_views.settings}} shows the property
values from cassandra.yaml faithfully, including the ones that contain passwords.
Any user with {{SELECT}} on {{system_views.settings}} can read these secrets.
{code:java}
cqlsh:system_views> select * from settings where name = 'client_encryption_options.truststore_password';

 name                                          | value
-----------------------------------------------+----------
 client_encryption_options.truststore_password | changeit

(1 rows)

cqlsh:system_views> select * from settings where name = 'client_encryption_options.keystore_password';

 name                                        | value
---------------------------------------------+----------
 client_encryption_options.keystore_password | changeit

(1 rows)

cqlsh:system_views> select * from settings where name = 'server_encryption_options.truststore_password';

 name                                          | value
-----------------------------------------------+----------
 server_encryption_options.truststore_password | changeit

(1 rows)

cqlsh:system_views> select * from settings where name = 'server_encryption_options.keystore_password';

 name                                        | value
---------------------------------------------+----------
 server_encryption_options.keystore_password | changeit

(1 rows)

cqlsh:system_views> select * from system_views.settings where name = 'transparent_data_encryption_options.key_provider.parameters';

 name                                                        | value
-------------------------------------------------------------+--------------------------------------------------------------------------------------------------
 transparent_data_encryption_options.key_provider.parameters | {keystore_password=cassandra, keystore=conf/.keystore, store_type=JCEKS, key_password=cassandra}

(1 rows)
{code}
Passwords and secrets should be handled as a special case and not exposed in
plain text in any of the virtual tables.
Observed in 4.1.x and 5.0.x
--
This message was sent by Atlassian Jira
(v8.20.10#820010)