CloudStack is one of the major and popular IaaS (Infrastructure as a Service) platforms.
http://en.wikipedia.org/wiki/Apache_CloudStack
Below is a small review of the password reset process in CloudStack.
The purpose of the password reset procedure is to allow the user, during deployment of a VM (virtual machine) from a template or afterwards, to reset the root (administrator) password of the VM. Because the main idea of IaaS is to give users the ability to help themselves, this is one of the key pieces of functionality.
From the user's perspective the process looks like this:
1. Start a new VM or click "reset password" on any stopped VM.
2. Get a popup with the new root password.
3. Log in using the console, RDP or SSH with the new password.
Let's see what is behind the scenes:
Each network in CloudStack has a dedicated virtual router (VR) which does DHCP, DNS, load balancing, firewalling and password reset for the whole subnet.
On the VR we have the following components of the password reset service:
1. A process listening on port 8080:
socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=10.0.146.2 SYSTEM:/opt/cloud/bin/serve_password.sh "$SOCAT_PEERADDR"
It waits for a request carrying the header: DomU_Request: send_my_password
2. The script that actually does the job: /opt/cloud/bin/serve_password.sh
3. And the password file /var/cache/cloud/passwords, which holds all passwords in clear text with filesystem permissions -rw-r--r--:
10.0.146.15=rD7nudcze
10.0.146.13=jB9kbknvq
10.0.146.181=saved_password
After each password request the VR replaces the corresponding entry in the password file with "saved_password".
On the VM template and on each VM instance you have the script /etc/init.d/cloud-set-guest-password.
This script automatically requests the root password from the VR at each system startup and updates it.
The password request procedure is:
1. The client VM parses its local network settings and takes the DHCP server IP as the password server.
2. The client sends a clear-text request like: wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" $PASSWORD_SERVER_IP:8080
3. If it gets a password it uses it. If it gets "saved_password" it does nothing.
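To make the exchange concrete, here is an added example (not code from the post or from CloudStack) that models both sides of the procedure above in Python: a tiny password server that, like serve_password.sh, looks the caller up by peer IP only and overwrites the served entry with "saved_password", and a client that sends the same DomU_Request header wget does. The "ip=password" lines are constructed from the format shown in the post; the 127.0.0.1 entry, the "bad_request" reply text, the minimal HTTP framing and the use of an OS-chosen port instead of 8080 are assumptions of this model so that it runs on one host.

```python
import socket
import threading

REQUEST_HEADER = "DomU_Request: send_my_password"
SAVED = "saved_password"

# Constructed sample in the /var/cache/cloud/passwords format from the post.
# The 127.0.0.1 line is added only so the demo can run entirely on localhost.
SAMPLE_PASSWORD_FILE = (
    "10.0.146.15=rD7nudcze\n"
    "10.0.146.13=jB9kbknvq\n"
    "10.0.146.181=saved_password\n"
    "127.0.0.1=Xy7demo\n"
)


def parse_password_file(text):
    """Parse 'ip=password' lines into a dict (a 5-line stand-in for the VR's file)."""
    store = {}
    for line in text.splitlines():
        if "=" in line:
            ip, pw = line.split("=", 1)
            store[ip.strip()] = pw.strip()
    return store


def lookup_and_burn(store, peer_ip, request_text):
    """Server rule as the post describes it: the peer IP is the only 'identity',
    and whatever was served is replaced by 'saved_password'.
    The 'bad_request' reply text is an assumption of this model."""
    if REQUEST_HEADER not in request_text:
        return "bad_request"
    pw = store.get(peer_ip)
    if pw is None:
        return "bad_request"
    store[peer_ip] = SAVED
    return pw


class PasswordServer:
    """Minimal stand-in for the socat + serve_password.sh listener."""

    def __init__(self, store, host="127.0.0.1"):
        self.store = store
        self.sock = socket.socket()
        self.sock.bind((host, 0))  # port 0: OS picks a free port (the VR uses 8080)
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, (peer_ip, _) = self.sock.accept()
            with conn:
                data = b""
                # Read the request headers up to the blank line.
                while b"\r\n\r\n" not in data and b"\n\n" not in data:
                    chunk = conn.recv(1024)
                    if not chunk:
                        break
                    data += chunk
                reply = lookup_and_burn(self.store, peer_ip, data.decode(errors="replace"))
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n" + reply.encode())


def request_password(server_ip, port):
    """Client side: the same exchange as wget --header 'DomU_Request: send_my_password'."""
    with socket.create_connection((server_ip, port), timeout=5) as s:
        s.sendall(f"GET / HTTP/1.0\r\nHost: {server_ip}\r\n{REQUEST_HEADER}\r\n\r\n".encode())
        raw = b""
        while True:
            chunk = s.recv(1024)
            if not chunk:
                break
            raw += chunk
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else raw
    return body.decode().strip()


def guest_should_set_password(reply):
    """Client rule from the post: a real password is applied, 'saved_password' is ignored."""
    return reply not in (SAVED, "bad_request", "")


def demo():
    """Two requests from the same IP: the first gets the password, the second only the marker."""
    store = parse_password_file(SAMPLE_PASSWORD_FILE)
    server = PasswordServer(store)
    first = request_password("127.0.0.1", server.port)
    second = request_password("127.0.0.1", server.port)
    return first, second, store["127.0.0.1"]


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the two properties the post relies on: nothing in the request proves who the client is beyond its source address, and nothing in the reply proves who the server is, so the guest applies whatever a host at the DHCP server's address returns.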
Security problems:
1. Clear-text password storage on the VR.
2. Clear-text password transmission over the network.
3. Missing password server authentication (the client trusts the server by IP only).
4. Auto-starting password reset service.
Conclusion:
If an attacker has access to one instance in a CloudStack network, then by spoofing the password server (VR) IP he will be able to compromise other instances in this subnet after they reboot. With access to the VR he will be able to compromise all nodes.
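Problem 1 is easy to check from the VR side. The following added example (not part of the post, not CloudStack code) audits a file in the /var/cache/cloud/passwords format: it flags a mode that lets group or others read the file, and lists every entry that still holds a clear-text password rather than the "saved_password" marker, i.e. passwords waiting to be fetched that are exposed at rest. The sample file is constructed from the lines the post shows and written to a temporary path with the -rw-r--r-- permissions the post reports.

```python
import os
import stat
import tempfile

SAVED = "saved_password"


def audit_password_cache(path):
    """Return a list of findings for a VR password cache file ('ip=password' per line)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file mode {oct(mode)} is readable by group/others")
    with open(path) as f:
        for lineno, line in enumerate(f, 1):
            line = line.strip()
            if not line or "=" not in line:
                continue
            ip, pw = line.split("=", 1)
            if pw != SAVED:
                findings.append(f"line {lineno}: clear-text password still pending for {ip}")
    return findings


def demo():
    """Write a constructed sample with the post's permissions and audit it."""
    sample = (
        "10.0.146.15=rD7nudcze\n"
        "10.0.146.13=jB9kbknvq\n"
        "10.0.146.181=saved_password\n"
    )
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(sample)
        path = tmp.name
    os.chmod(path, 0o644)  # -rw-r--r--, as reported in the post
    try:
        return audit_password_cache(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On the sample this reports the world-readable mode and two pending clear-text entries; on a real VR, run it against /var/cache/cloud/passwords after a batch of deployments to see how long clear-text entries linger before the guests fetch them.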