Bug 1297577
| Summary: | LDAP bind username and password being logged in plain text | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Jared Deubel <jdeubel> |
| Component: | Security | Assignee: | Gregg Tanzillo <gtanzill> |
| Status: | CLOSED DUPLICATE | QA Contact: | Shveta <sshveta> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 5.5.0 | CC: | jhardy, jprause, jrafanie, kseifried, nachandr, obarenbo, sshveta |
| Target Milestone: | GA | ||
| Target Release: | 5.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-02-02 12:12:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1297576 *** |
Description of problem: When the system is binding with CloudForms we are seeing that the password is being logged in plain text. from evm.log which is world readable ========================================================================================== [----] I, [2016-01-11T12:31:42.333099 #11821:9d1994] INFO -- : MIQ(MiqQueue.put) Message id: [777000000684681], id: [], Zone: [Census CloudForms], Role: [], Server: [54e1b3c4-9f3e-11e5-886e-00505685525e], Ident: [generic], Target id: [], Instance id: [], Task id: [], Command: [Authenticator::Ldap.authorize], Timeout: [600], Priority: [20], State: [ready], Deliver On: [], Data: [], Args: [{:basedn=>"DC=test,DC=system,DC=com", :bind_dn=>"CF3-user.com", :bind_pwd=>"PLAIN TEXT PASSWORD", :get_direct_groups=>true, :group_memberships_max_depth=>2, :ldaphost=>["system01.test.system.com"], :ldapport=>"636", :mode=>"ldaps", :user_suffix=>"test.system.com", :user_type=>"samaccountname", :amazon_key=>nil, :amazon_secret=>nil, :ldap_role=>true, :amazon_role=>false, :httpd_role=>false, :user_proxies=>[{}], :follow_referrals=>false, :sso_enabled=>false, :domain_prefix=>"EAD"}, 777000000002661, "test\\user1"] ========================================================================================== User password hashes are also being logged. ========================================================================================== [----] I, [2016-01-11T13:50:40.026319 #11803:467990] INFO -- : MIQ(MiqQueue#m_callback) Message id: [777000000685759], Invoking Callback with args: ["Finished", "ok", "Message delivered successfully", "#<User id: 777000000000002, name: \"John Doe\", email: \"johndoe.com\", icon: nil, created_on: \"2015-12-10 18:07:32\", updated_on: \"2016-01-11 18:50:40\", userid: \"johndoe.com\", settings: {}, filters: nil, lastlogon: \"2016-01-11 18:50:40\", lastlogoff: \"2016-01-11 17:20:03\", region: 777, current_group_id: 777000000000002, first_name: \"John\", last_name: \"doe\", password_digest: \"$2a$19$j2XjeqPzVELR.TOZ1vB0wOpIID/hy/uXc1qipSGqDaC...\">"] ========================================================================================== Version-Release number of selected component (if applicable): 5.5 How reproducible: Very