No plaintext password for compute instance
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | compute |
| Provider | OpenStack |
| Vulnerability Type | misconfiguration |
Description#
Storing or assigning a plaintext password to an OpenStack compute instance in Terraform files exposes sensitive credentials within code repositories and configuration files. This approach fails to protect authentication secrets and increases the risk of credential leakage.
Impact#
If a plaintext password is exposed, attackers could gain unauthorized access to compute instances, leading to data breaches, lateral movement within the cloud environment, and potential compromise of organizational assets and services.
Resolution#
Do not use plaintext passwords in terraform files