Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-70015

[RFE] Add Configuration to Disable Display of Unencrypted Guest VM Credentials

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.18
    • CNV User Interface
    • None
    • Incidents & Support
    • False
    • Hide

      None

      Show
      None
    • False
    • None

      • The request is to remove the display of guest VM credentials (and all associated text) from the OpenShift Virtualization VM console, either by default or via a configuration option.
      • Displaying user credentials, even initial ones from cloud-init, on a webpage is a significant security risk ("instant red-flag to security reviewers"). Furthermore, the displayed information is often unreliable as it only reflects the initial cloud-init configuration and doesn't update if the password is changed within the guest OS.
      • It also only detects one of the many ways credentials can be specified. 

              rsdeor Ronen Sde-Or
              rhn-support-divshah Divya Kamlesh Shah
              Guohua Ouyang Guohua Ouyang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: