Bug #47857

Feature #47765: mgr/dashboard: security improvements

mgr/dashboard: sensitive information stored in cleartext

Added by Ernesto Puerta 3 months ago.

Status: New
Priority: High
Assignee: -
Category: dashboard/general
Target version:
% Done: 0%
Source: other
Tags: security
Backport: nautilus, octopus
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

The application stores sensitive information (i.e. usernames, passwords and access tokens) in cleartext inside
a RocksDB database. An attacker with read access to the database files could compromise the application
and other systems.

Exploitation

The testing team identified a RocksDB instance in use by the Ceph Monitor daemon that contains sensitive
data, such as S3 access and secret keys, usernames and passwords.
It was possible to easily obtain the data either by searching for ASCII strings in the database files or by
using the RocksDB command-line tool to dump the database.

Recommendation

Either encrypt the whole RocksDB database or perform application-level encryption.

Caveat

Application-level encryption still requires an encryption key to be saved somewhere, which simply shifts the problem to where to securely store this key:
  • Key-Value Store... un-encrypted. Same as original issue.
  • Hardware Security Module (HSM), like a FIPS-140
  • Remote key server (e.g.: Vault)
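
A regression check for a fix to this issue, added here as an example (it is not part of the original report or of Ceph's code): store a known canary credential through the application, then scan the store's on-disk files for it, the same way the finding was made. The canary value, the file names and the `demo` data are constructed; in practice `scan_store` would be pointed at a test cluster's store directory.

```python
import base64
import os
import tempfile

def canary_encodings(canary):
    """Byte forms in which an unencrypted canary would appear on disk."""
    raw = canary.encode("utf-8")
    # base64 only matches when the value was encoded on its own, not inside a larger blob.
    return {"utf-8": raw, "utf-16le": canary.encode("utf-16-le"),
            "hex": raw.hex().encode("ascii"), "base64": base64.b64encode(raw)}

def scan_file(path, needles, chunk_size=1 << 20):
    """Return the names of the encodings found in one file, reading it in chunks."""
    overlap = max(len(n) for n in needles.values()) - 1  # catch hits split across chunks
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            found.update(name for name, needle in needles.items() if needle in window)
            tail = window[-overlap:]
    return found

def scan_store(directory, canary):
    """Map relative file path -> sorted encodings of the canary found in that file."""
    needles = canary_encodings(canary)
    hits = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            found = scan_file(path, needles)
            if found:
                hits[os.path.relpath(path, directory)] = sorted(found)
    return hits

def demo():
    """Constructed store: one file leaks the canary, one holds opaque bytes."""
    canary = "CANARY-7f3a-not-a-real-secret"  # constructed value
    with tempfile.TemporaryDirectory() as store:
        with open(os.path.join(store, "000001.sst"), "wb") as fh:
            fh.write(b"\x00\x01constructed/key\x00" + canary.encode() + b"\x00")
        with open(os.path.join(store, "000002.sst"), "wb") as fh:
            fh.write(os.urandom(4096))  # stands in for encrypted values
        return scan_store(store, canary)

if __name__ == "__main__":
    print(demo())
```

A hit proves the value is stored unencrypted; an empty result does not prove encryption, because RocksDB block compression can also hide a string from a raw byte scan.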
