Public bug reported:
User with the admin role can view the secret key of other user's EC2
credential, even if it does not belong to the user.
I think that even user with admin role should be prevented from viewing the
secret key of other user's EC2 credential and the secret key of other user's
EC2 credential should be encrypted or masked.
** Affects: keystone
Importance: Undecided
Assignee: LeeChunghwan (chung00lee)
Status: New
** Changed in: keystone
Assignee: (unassigned) => LeeChunghwan (chung00lee)
** Summary changed:
- User with the admin role can view the secret key of all users' EC2
credentials.
+ User with the admin role can view the secret key of other user's EC2
credentials.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/2109693
Title:
User with the admin role can view the secret key of other user's EC2
credentials.
Status in OpenStack Identity (keystone):
New
Bug description:
User with the admin role can view the secret key of other user's EC2
credential, even if it does not belong to the user.
I think that even user with admin role should be prevented from viewing the
secret key of other user's EC2 credential and the secret key of other user's
EC2 credential should be encrypted or masked.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/2109693/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
