Bug #47857

Feature #47765: mgr/dashboard: security improvements

mgr/dashboard: sensitive information stored in cleartext

Added by Ernesto Puerta over 3 years ago. Updated about 2 years ago.

Status: Won't Fix
Priority: High
Assignee: -
Category: Security & Auth
Target version:
% Done: 0%
Source: other
Tags: security
Backport: nautilus, octopus
Regression: No
Severity: 2 - major
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

The application stores sensitive information (i.e. usernames, passwords and access tokens) in cleartext inside
a RocksDB database. An attacker with read access to the database files could compromise the application
and other systems.

Exploitation

The testing team identified a RocksDB instance in use by the Ceph Monitor daemon that contains sensitive
data, such as S3 access and secret keys, usernames and passwords.
It was possible to easily obtain the data either by searching for ASCII strings in the database files or by
using the RocksDB command line tool to dump the database.

Recommendation

Either encrypt the whole RocksDB or perform application-level encryption.

Caveat

Application-level encryption still requires an encryption key to be saved somewhere, which simply shifts the problem to where to securely store this key:
  • Key-Value Store... un-encrypted. Same as original issue.
  • Hardware Security Module (HSM), like a FIPS-140
  • Remote key server (e.g.: Vault)
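Added example (not part of the original report and not Ceph code): a canary check an operator could run against a copy of the store directory to confirm whether a planted test credential is readable as cleartext in the on-disk files, which is the condition this issue describes. The file names, the canary value and the `scan_file`/`scan_store` helpers are assumptions made for illustration; the sample files are constructed, not real RocksDB output.

```python
import os
import tempfile

CANARY = "CANARY-SECRET-0123456789abcdef"  # constructed test credential

def scan_file(path, needles, chunk=1 << 16):
    """Return [(offset, name)] for each cleartext occurrence of a needle in path."""
    overlap = max(len(n) for n in needles.values()) - 1
    hits, tail, base = [], b"", 0  # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            buf = tail + block
            for name, needle in needles.items():
                pos = buf.find(needle)
                while pos != -1:
                    # A match lying wholly inside the tail was reported last round.
                    if pos + len(needle) > len(tail):
                        hits.append((base + pos, name))
                    pos = buf.find(needle, pos + 1)
            # Carry the last bytes forward so values split across chunks are found.
            keep = buf[-overlap:] if overlap else b""
            base += len(buf) - len(keep)
            tail = keep
    return sorted(hits)

def scan_store(root, canaries):
    """Walk root and map relative file path -> hits for the planted canaries."""
    needles = {k: v.encode() for k, v in canaries.items()}
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            hits = scan_file(full, needles)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report

def demo():
    # Constructed sample data: one file holding the canary in cleartext
    # (placed so it straddles a read boundary), one holding random bytes.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "cleartext.sst"), "wb") as fh:
            fh.write(b"\x00" * 65530 + CANARY.encode() + b"\x01" * 10)
        with open(os.path.join(root, "protected.sst"), "wb") as fh:
            fh.write(os.urandom(4096))
        return scan_store(root, {"s3_secret_key": CANARY})

if __name__ == "__main__":
    print(demo())
```

An empty report is not proof of encryption: block compression or a different encoding can hide a value from a byte scan without protecting it, so a clean result should be confirmed against how the store is actually configured.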

History

#1 Updated by Ernesto Puerta almost 3 years ago

  • Project changed from mgr to Dashboard
  • Category changed from 132 to General

#2 Updated by Ernesto Puerta almost 3 years ago

  • Category changed from General to Security & Auth

#3 Updated by Ernesto Puerta about 2 years ago

  • Status changed from New to Won't Fix
