Note that this bug was public for 6 hours and E-mail copies of all the information it contains were forwarded to anyone who subscribes to Neutron on Launchpad (easily numbering in the hundreds of recipients). As they say, you can't put the beans back in the can.
** Information type changed from Private Security to Public Security ** Also affects: ossa Importance: Undecided Status: New ** Changed in: ossa Status: New => Incomplete -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1524675 Title: lbaasv2-agent is logging credentials from barbican Status in neutron: New Status in OpenStack Security Advisory: Incomplete Bug description: In liberty, a neutron-lbaasv2-agent is logging credentials retrieved from barbican when debug=True. (e.g. cert, private key, passphrase) this makes security issue. example: http://paste.openstack.org/show/481439/ (part of /var/log/neutron/neutron-lbaasv2-agent.log) To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1524675/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp