TF 0189 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
No plaintext password for compute instance
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | compute |
| Provider | OpenStack |
| Vulnerability Type | misconfiguration |
Description
Storing or assigning a plaintext password to an OpenStack compute instance in Terraform files exposes sensitive credentials within code repositories and configuration files. This approach fails to protect authentication secrets and increases the risk of credential leakage.
Impact
If a plaintext password is exposed, attackers could gain unauthorized access to compute instances, leading to data breaches, lateral movement within the cloud environment, and potential compromise of organizational assets and services.
Resolution
Do not use plaintext passwords in Terraform files.
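
The weak setting beside two corrected forms, as an added example that is not taken from the rule's own documentation. It uses the OpenStack provider's `admin_pass` and `key_pair` arguments on `openstack_compute_instance_v2`; the resource names, image and flavor names, and the password literal are constructed placeholders.

```hcl
# Flagged: the admin password is a string literal committed with the code.
resource "openstack_compute_instance_v2" "bad_example" {
  name            = "app-bad"
  image_name      = "example-image"     # placeholder
  flavor_name     = "example-flavor"    # placeholder
  admin_pass      = "N0tARealPassw0rd"  # constructed value, never do this
  security_groups = ["default"]
}

# Preferred: set no password at all and authenticate with an SSH key pair.
variable "ssh_public_key" {
  type        = string
  description = "Public half of the operator's SSH key (not a secret)"
}

resource "openstack_compute_keypair_v2" "ops" {
  name       = "ops-keypair" # placeholder
  public_key = var.ssh_public_key
}

resource "openstack_compute_instance_v2" "good_example" {
  name            = "app-good"
  image_name      = "example-image"
  flavor_name     = "example-flavor"
  key_pair        = openstack_compute_keypair_v2.ops.name
  security_groups = ["default"]
}

# If an image really requires a password, keep the value out of the
# repository: declare a sensitive variable with no default and supply it
# at apply time (for example through the TF_VAR_admin_pass environment
# variable). The value is still written to Terraform state, so the state
# backend must be encrypted and access-controlled.
variable "admin_pass" {
  type      = string
  sensitive = true
}

resource "openstack_compute_instance_v2" "password_from_variable" {
  name            = "app-legacy"
  image_name      = "example-image"
  flavor_name     = "example-flavor"
  admin_pass      = var.admin_pass
  security_groups = ["default"]
}
```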