[ https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wilder Rodrigues reassigned CLOUDSTACK-6252: -------------------------------------------- Assignee: Wilder Rodrigues > Host password is stored in the database in the clear > ---------------------------------------------------- > > Key: CLOUDSTACK-6252 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: Future > Environment: Management Server running on Debian 7 > DevCloud running on XenServer 6.2 > Reporter: Wilder Rodrigues > Assignee: Wilder Rodrigues > > Via the Management Server UI, when creating an advanced Zone and adding a > host to it, the host password is stored in the database in the clear. > All passwords should be encrypted before stored. > Check details below: > mysql> select * from host_details; > +----+---------+----------------------------------------------------+----------------------------------------+ > | id | host_id | name | value > | > +----+---------+----------------------------------------------------+----------------------------------------+ > | 1 | 1 | product_version | 6.2.0 > | > | 2 | 1 | com.cloud.network.Networks.RouterPrivateIpStrategy | > DcGlobal | > | 3 | 1 | private.network.device | > Pool-wide network associated with eth0 | > | 4 | 1 | Hypervisor.Version | 4.1.5 > | > | 5 | 1 | Host.OS | > XenServer | > | 6 | 1 | Host.OS.Kernel.Version | > 2.6.32.43-0.4.1.xs1.8.0.835.170778xen | > | 7 | 1 | wait | 600 > | > | 8 | 1 | password | > changeme | > | 9 | 1 | url | > 10.1.1.203 | > | 10 | 1 | username | root > | > | 11 | 1 | xs620_snapshot_hotfix | false > | > | 12 | 1 | product_brand | > XenServer | > | 13 | 1 | product_version_text_short | 6.2 > | > | 14 | 1 | Host.OS.Version | 6.2.0 > | > | 15 | 1 | instance.name | VM > | > +----+---------+----------------------------------------------------+----------------------------------------+ -- This message was sent by Atlassian JIRA (v6.2#6252)