Bug 1981332

Summary: mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command
Product: [Other] Security Response
Reporter: msiddiqu
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: bdettelb, damien.ciabrini, databases-maint, dbecker, dciabrin, fcanogab, hhorak, jjoyce, jorton, jschluet, lhh, ljavorsk, lpeer, mbayer, mbenatto, mburns, mkocka, mmuzila, mschorm, sclewis, security-response-team, slinaber, SpikeFedora, tomckay
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: mariadb 10.3.29, mariadb 10.4.19, mariadb 10.5.10
Last Closed: 2021-08-25 01:01:02 UTC
Bug Depends On: 1976002, 1976003, 1988453, 1988499, 1988500, 1988501, 1988531, 1988532, 1988533, 1988534, 1989977, 2010821, 2010823, 2050509, 2050510, 2050513, 2050525, 2050526, 2079902
Bug Blocks: 1976800

Description msiddiqu 2021-07-12 12:17:53 UTC
When using the ALTER USER ... IDENTIFIED BY command, the password doesn't get replaced by asterisks in the MariaDB audit log and shows as plaintext.

References: 
 
https://jira.mariadb.org/browse/MDEV-24965
https://bugzilla.redhat.com/show_bug.cgi?id=1976002
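
A check for audit logs written before the fix, as an added example that is not part of the bug report or of MariaDB's code: it scans log lines for ALTER USER ... IDENTIFIED BY followed by a quoted literal instead of a mask, and redacts the literal. The comma-separated line layout, the `*****` mask and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in an assumed comma-separated audit layout
# (timestamp,serverhost,user,host,connid,queryid,operation,db,object,retcode).
# Both the layout and the ***** mask are assumptions; adapt them to your logs.
SAMPLE_LOG = r"""
20210712 12:17:50,db1,root,localhost,5,40,QUERY,,'CREATE USER app IDENTIFIED BY *****',0
20210712 12:17:53,db1,root,localhost,5,41,QUERY,,'ALTER USER app IDENTIFIED BY \'constructed-secret\'',0
20210712 12:18:01,db1,root,localhost,5,42,QUERY,,'alter user `rep`@`%`  identified by "constructed-2"',0
20210712 12:18:09,db1,root,localhost,5,43,QUERY,,'ALTER USER app IDENTIFIED BY *****',0
20210712 12:18:15,db1,root,localhost,5,44,QUERY,,'SELECT 1',0
""".strip().splitlines()

# ALTER USER ... IDENTIFIED BY followed directly by a quoted literal.
# The quote may be backslash-escaped because the query itself is logged in quotes.
UNMASKED = re.compile(
    r"""ALTER\s+USER\b.*?\bIDENTIFIED\s+BY\s+(?P<q>\\?['"])(?P<secret>.*?)(?P=q)""",
    re.IGNORECASE,
)


def find_unmasked(lines):
    """Return (line_number, user_field) for each line exposing a password literal."""
    hits = []
    for n, line in enumerate(lines, 1):
        if UNMASKED.search(line):
            fields = line.split(",", 8)
            hits.append((n, fields[2] if len(fields) > 2 else "?"))
    return hits


def redact(line):
    """Replace the exposed literal (quotes included) with the mask."""
    return UNMASKED.sub(lambda m: m.group(0)[: m.start("q") - m.start()] + "*****", line)


if __name__ == "__main__":
    for n, user in find_unmasked(SAMPLE_LOG):
        print(f"line {n}: unmasked password in ALTER USER issued by {user}")
        print("  redacted:", redact(SAMPLE_LOG[n - 1]))
```

A literal that itself contains the quoting character is only partly redacted by this pattern. Any hit means the credential was written to disk in plaintext and should be rotated.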

Comment 7 devthomp 2021-07-30 17:58:59 UTC
Upstream commit for this issue:
https://github.com/MariaDB/server/commit/25ecf8ed4b

Comment 9 devthomp 2021-07-30 18:33:04 UTC
Created mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1988531]


Created mariadb:10.3/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1988532]


Created mariadb:10.4/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1988533]


Created mariadb:10.5/mariadb tracking bugs for this issue:

Affects: fedora-all [bug 1988534]

Comment 12 errata-xmlrpc 2022-03-22 10:19:49 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:1007 https://access.redhat.com/errata/RHSA-2022:1007

Comment 13 errata-xmlrpc 2022-03-22 12:27:16 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:1010 https://access.redhat.com/errata/RHSA-2022:1010

Comment 14 errata-xmlrpc 2022-04-26 17:29:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1556 https://access.redhat.com/errata/RHSA-2022:1556

Comment 15 errata-xmlrpc 2022-04-26 17:29:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1557 https://access.redhat.com/errata/RHSA-2022:1557

Comment 16 errata-xmlrpc 2022-05-31 12:16:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4818 https://access.redhat.com/errata/RHSA-2022:4818