[AAA-21] Security Issue in Restconf: Restconf config output produces user name and password in clear text - OpenDaylight JIRA

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Resolution: Done
Affects Version/s: None
Fix Version/s: None
Component/s: General
Labels:
None
Environment:

Operating System: All
Platform: All

External issue ID:
2251

Description

I mounted couple of Netconf capable devices onto the ODL controller. Once I did that I wanted to get the config output of the
1. Entire controller ( As controller itself can be mounted as Netconf end point)
2. The configuration of the mounted device.

For the first one I issued the following restconf URL.

http://10.18.161.79:8181/restconf/config/opendaylight-inventory:nodes/node/controller-config/yang-ext:mount/config:modules/

This resulted in some configuration information of the mounted devices including the user name and password to access them.

However the user name and password is in clear text which is a big security threat.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Unassigned

Reporter:: Balaji Varadaraju

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Oct/14 10:29 PM

Updated:: 21/Mar/19 11:56 AM

Resolved:: 07/Feb/18 6:56 PM