MAAS node details page shows BMC password in cleartext
Bug #1443344 reported by
Mike Pontillo
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Critical
|
Raphaël Badin | ||
Bug Description
The MAAS node details page shows the BMC password in cleartext.
This could be a major security issue for MAAS administrators who are viewing node details pages with people looking over their shoulder (or screen sharing, etc).
This should be shown in field that obfuscates the password (at least unless the user clicks a button to reveal it).
Related branches
lp:~rvb/maas/pw-bug-1443344
- Blake Rouse (community): Approve
-
Diff: 443 lines (+195/-25)8 files modifiedsrc/maasserver/clusterrpc/power_parameters.py (+2/-0)
src/maasserver/clusterrpc/tests/test_power_parameters.py (+31/-8)
src/maasserver/context_processors.py (+1/-0)
src/maasserver/static/js/angular/directives/power_parameters.js (+12/-3)
src/maasserver/static/js/angular/directives/tests/test_power_parameters.js (+10/-0)
src/maasserver/static/js/angular/directives/tests/test_type.js (+65/-0)
src/maasserver/static/js/angular/directives/type.js (+50/-0)
src/provisioningserver/power_schema.py (+24/-14)
| Changed in maas: | |
| milestone: | none → 1.8.0 |
| status: | New → Triaged |
| Changed in maas: | |
| importance: | Medium → Critical |
| Changed in maas: | |
| assignee: | nobody → Raphaël Badin (rvb) |
| status: | Triaged → In Progress |
| Changed in maas: | |
| status: | In Progress → Fix Committed |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
