Python-swiftclient exposes raw token values in debug logs
The password and authentication token configuration options for the python-swiftclient are not marked as secret. The values of these options will be logged to the standard logging output when the controller is run in debug mode.
Affected Services / Software
Python-swiftclient, Swift, Glance, Juno, Kilo
When using the python-swiftclient to connect to Glance, and the 'glance-api.conf' has set the value of the debug option to True, the requests sent through the API, including user and token details, will be captured in the local log mechanism.
It is recommended to use the debug level in configurations only when necessary to troubleshoot an issue. When the debug flag is set, the resulting logs should be treated as having sensitive information and as such should have strict permissions around the file and containing directory set in the operating system. Additionally, the logs should not be transported off the system in plaintext such as through syslog.
The debug level can be turned off by setting the following option in the `glance-api.conf` file:
[DEFAULT] debug = false
Contacts / References
- Author: Nathaniel Dillon, HPE
- This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0052
- Original LaunchPad Bug : https://bugs.launchpad.net/python-swiftclient/+bug/1470740
- OpenStack Security ML : email@example.com
- OpenStack Security Group : https://launchpad.net/~openstack-ossg