Bug #493

Weak secuirty model in OpenNebula

Added by Carsten Friedrich over 10 years ago. Updated over 10 years ago.

Status:ClosedStart date:02/21/2011
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution:worksforme Pull request:
Affected Versions:

Description

I consider the current security and especially authentication model used in OpenNebula as weak as:

  • All RPC requests are transmitted in plain text.
  • Passwords are transmitted in plain text and stored in plain text in OpenNebula (I understand that they are hashed, but as this is done on the client side it only makes the password more complicated, it does not encrypt it. I.e. the password hash is basically a more complicated plain text password based on the original password.
  • If external authentication schemes are used, e.g. LDAP, password are not even hashed. This also makes authentication code more complicated as the client needs to decide whether to hash the password based on the authentication scheme used (which it should not need to care about).

I think to fix these issues, OpenNebula needs to:

  • Use secure RPC to encrypt all RPC traffic.
  • Send passwords un-hashed over the encrypted RPC and have the server take care of hashing when it is needed.

Associated revisions

Revision 0b36571b
Added by Juan Jose Montiel Cano almost 4 years ago

B #5119: Removed vnet if user can not reserve (#493)

Revision 55908c1b
Added by Juan Jose Montiel Cano almost 4 years ago

B #5119: Removed vnet if user can not reserve (#493)

(cherry picked from commit 0b36571b23259e089764c05127d4288c9e69be3b)

History

#1 Updated by Ruben S. Montero over 10 years ago

  • Status changed from New to Closed
  • Resolution set to worksforme

RPC calls can be easily tunneled through HTTPS proxy, so addressing all your concenrs

#2 Updated by Carsten Friedrich over 10 years ago

HTTPS proxy can be used to address the first issue, the other two still remain:

  • Clients should not need to know what authentication scheme OpenNebula uses internally to decide whether to hash passwords or not.

#3 Updated by Ruben S. Montero over 10 years ago

That is also address by the auth drivers, you can check for example the SSH module at
http://www.opennebula.org/documentation:rel2.0:users

Also available in: Atom PDF