Re: [I] Security: Host Password Exposed in Command-Line Logging During Password Update Operations [cloudstack]

Wed, 05 Nov 2025 20:43:57 -0800 


kiranchavala commented on issue #11989:
URL: https://github.com/apache/cloudstack/issues/11989#issuecomment-3495018425

   @YLChen-007 is the issue only with xenserver hypervisor ?
   
   I have verified with KVM and the issue is not observed 
   
   ```
   2025-11-06 04:41:27,603 DEBUG [c.c.a.ApiServlet] 
(qtp170949260-20:[ctx-e79f2409]) (logid:165b6080) ===START===  0:0:0:0:0:0:0:1 
-- POST   updateHostPassword
   2025-11-06 04:41:27,603 DEBUG [c.c.a.ApiServlet] 
(qtp170949260-20:[ctx-e79f2409]) (logid:165b6080) Two factor authentication is 
already verified for the user 2, so skipping
   2025-11-06 04:41:27,604 DEBUG [c.c.a.ApiServer] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) CIDRs from 
which account 'Account 
[{"accountName":"admin","id":2,"uuid":"e029d8ef-b87d-11f0-9652-bc241105fff2"}]' 
is allowed to perform API calls: 0.0.0.0/0,::/0
   2025-11-06 04:41:27,605 INFO  [o.a.c.a.DynamicRoleBasedAPIAccessChecker] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) Account for 
user id e02a0e0f-b87d-11f0-9652-bc241105fff2 is Root Admin or Domain Admin, all 
APIs are allowed.
   2025-11-06 04:41:27,605 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) RoleService is 
enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
   2025-11-06 04:41:27,605 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) API rate 
limiting is disabled. We will not use ApiRateLimitService.
   2025-11-06 04:41:27,606 DEBUG [c.c.s.ManagementServerImpl] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) Changing 
password for host Host 
{"id":1,"name":"cs-kvm-422rc3","type":"Routing","uuid":"fc5e20a7-65cd-4075-8f40-7ec67d9a8c44"}
   2025-11-06 04:41:27,612 DEBUG [c.c.a.ApiServlet] 
(qtp170949260-20:[ctx-e79f2409, ctx-c3ff08de]) (logid:165b6080) ===END===  
0:0:0:0:0:0:0:1 -- POST   updateHostPassword
   
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to