Bug #47857
Feature #47765: mgr/dashboard: security improvements
mgr/dashboard: sensitive information stored in cleartext
% Done: 0%
Source: other
Tags: security
Backport: nautilus, octopus
Regression: No
Severity: 2 - major
Description
The application stores sensitive information (i.e. usernames, passwords and access tokens) in cleartext inside
a RocksDB database. An attacker with read access to the database files could compromise the application
and other systems.
Exploitation
The testing team identified a RocksDB instance in use by the Ceph Monitor daemon that contains sensitive
data, such as S3 access and secret keys, usernames and passwords.
It was possible to easily obtain the data either by searching for ASCII strings in the database files or by
using the RocksDB command-line tool to dump the database.
Recommendation
Either encrypt the whole RocksDB database or perform application-level encryption.
Caveat
Application-level encryption still requires an encryption key to be saved somewhere, which simply shifts the problem to where to securely store this key:
- Key-Value Store... un-encrypted. Same as original issue.
- Hardware Security Module (HSM), like a FIPS-140
- Remote key server (e.g.: Vault)
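A regression check for the finding above, as an added example that is not part of the original report or of Ceph's code: given a canary secret that was saved through the application, it searches the store's on-disk files for that canary in raw, UTF-16, hex and base64 form. The function names, file names and canary value are assumptions, and the sample files are constructed stand-ins, not real RocksDB output.

```python
import base64
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # scan files in 1 MiB pieces

def encodings_of(canary: str) -> dict:
    """Byte patterns that all mean 'readable without a key' for one canary."""
    raw = canary.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": canary.encode("utf-16-le"),
        "hex": raw.hex().encode(),
        # padding stripped; matches a value that was base64-encoded on its own
        "base64": base64.b64encode(raw).rstrip(b"="),
    }

def scan_file(path, patterns) -> set:
    """Return the encodings whose pattern occurs anywhere in the file."""
    overlap = max(len(p) for p in patterns.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            window = tail + chunk  # keep a tail so chunk-straddling hits are seen
            found.update(n for n, p in patterns.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return found

def audit_store(directory, canary: str) -> dict:
    """Map each file under `directory` to the encodings in which the canary leaks."""
    patterns = encodings_of(canary)
    hits = ((p.name, scan_file(p, patterns))
            for p in sorted(Path(directory).rglob("*")) if p.is_file())
    return {name: sorted(found) for name, found in hits if found}

def demo() -> dict:
    """Constructed sample files; random bytes stand in for encrypted values."""
    canary = "CANARY-s3-secret-7f3a91"  # constructed marker, never a real key
    with tempfile.TemporaryDirectory() as d:
        Path(d, "000001.sst").write_bytes(os.urandom(4096) + canary.encode() + os.urandom(64))
        Path(d, "000002.sst").write_bytes(b"v=" + base64.b64encode(canary.encode()))
        Path(d, "000003.sst").write_bytes(os.urandom(4096))
        return audit_store(d, canary)

if __name__ == "__main__":
    print(demo())
```

If the store compresses its blocks, a cleartext value can escape this byte search, so an empty result is not proof that values are encrypted.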
History
#1 Updated by Ernesto Puerta almost 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General
#2 Updated by Ernesto Puerta almost 3 years ago
- Category changed from General to Security & Auth
#3 Updated by Ernesto Puerta about 2 years ago
- Status changed from New to Won't Fix