XCP-ng

    Encrypt server passwords in database

    Xen Orchestra · 4 Posts · 2 Posters
    • nermalia:

      Re: Exported Xen Orchestra Config Contains Plaintext Host Passwords - Is This Intentional?

      I've been going through this older issue about plaintext passwords and was wondering if there were any plans on encrypting the passwords in the database in some form?

      The reason I ask is that, since there are no ACLs on the free version of the product, anyone with access to Xen Orchestra will have access to export the config unless we subscribe to the paid versions.

      There is also the issue of it being stored in plaintext in Redis as well, meaning anyone who can get access to the dump.rdb file will gain access to all the server passwords. And since the XOA drives can't be encrypted at rest by default, anyone with access to the storage the appliance is running on can in theory just copy the rdb file off and immediately gain root or admin access to your hypervisors.

      • olivierlambert (Vates 🪐 Co-Founder CEO):

        About the Redis password: in the original thread, @julien-f already explained the reason why, please read it 🙂

        Also, as he said, we can add an option for a passphrase, however.

        Regarding the config, you can add a password for it when you export it, see https://xen-orchestra.com/blog/xen-orchestra-5-47/#configencryption

        • nermalia:

          Passive-aggressive comment about "please read it" aside, that doesn't really address my concern. It's a pretty significant security risk to have passwords in plaintext on the system, especially when they're just sitting in a file on the filesystem which can be easily obtained due to the lack of encryption.

          It seems as though this isn't seen as a concern by the team though, so I'll take that under advisement.

          • olivierlambert (Vates 🪐 Co-Founder CEO):

            I'm not an English native speaker, it wasn't meant to be passive aggressive at all. I just told you that @julien-f already explained the initial reasons (also telling you we are aware of that fact).

            Also, the XO 6 work is a major rework of the whole thing, and this will be taken into account in our redesign.

            A note, however: if someone can slip into your XOA, passwords, tokens and XAPI access are available in memory (regardless of whether you have encryption or not). In that case, a passphrase won't change anything. That's why we decided to remove any default password in the XO virtual appliance template, so nobody still uses default creds as a "known" entry point.

            And finally, as Xen Orchestra is fully Open Source, your contributions are very welcome 🙂
