Summary
After upgrading from HYCU for Enterprise Clouds version 4.5.0 to version 4.5.1, the password for the HYCU virtual appliance OS account may in rare circumstances get reset to the default value.
Date of publication
Oct 26th 2022
Description
Background
During the initial installation, HYCU is deployed with the default OS credentials. Users should always change these credentials after the installation. HYCU is designed to preserve the OS credentials across upgrades.
During the upgrade, HYCU creates a new VM for the upgraded HYCU version and reattaches the data disk from the current to the new HYCU VM. Before the disk is attached, hashed credentials for OS accounts ‘hycu’ and ‘root’ are saved on the data disk. When the upgraded version is deployed, HYCU reapplies the credentials from the data disk.
Root cause
If the OS does not get to flush data to the disk before HYCU re-attaches the disk to new VM, there is a possibility that the hashed credentials may not get written to the data disk. In this case, HYCU would revert to the default password.
The issue only applies to the upgrade from version 4.5.0 to version 4.5.1 The issue does not apply to any updates.
Resolution
The issue has been resolved in version 4.5.1. The upgrade from version 4.5.1 to version 4.6.0 will preserve passwords. HYCU explicitly flushes the disk before it reattaches it to the new VM.
Mitigation
To check if your HYCU deployment is affected by this issue, please attempt to log in via SSH or console as user 'hycu' with the default password as documented in the HYCU User Guide.
- If the login succeeds, HYCU deployment is affected.
- If the login fails, HYCU deployment is not affected.
If HYCU deployment is affected, set new passwords for OS accounts 'hycu' and 'root' immediately.
Reference
EC-17869 - Upgrade might not preserve OS credentials
Comments
Please sign in to leave a comment.