A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible.
https://tracker.ceph.com/issues/37503 https://github.com/ceph/ceph/pull/38479 https://github.com/ceph/ceph/pull/38620 https://github.com/ceph/ceph/commit/eb80511e3ea31ca6be7a9634a9141da39485e422 https://github.com/ceph/ceph/commit/4a454bbdd7882086b2744d111ec8381fb2b31224 https://github.com/ceph/ceph/commit/e6738d296365bbabe406141fabb90366727b141f https://github.com/ceph/ceph/commit/18822c373900e9f23bc1a79b9e223c438be44032 https://github.com/ceph/ceph/commit/97dbfd22d7d2710c10178be029cf8c5c1f2cc659 https://github.com/ceph/ceph/commit/d75085a423d393e852448bdc8d1c5591b9a293ec https://github.com/ceph/ceph/commit/dfc3c7b5cadf91e618e4b5a7329947d9e4456293