Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1336541 - LDAP bind username and password being logged in plain text in evm.log
Summary: LDAP bind username and password being logged in plain text in evm.log
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: GA
: 5.6.0
Assignee: Joe Vlcek
QA Contact: amogh
URL:
Whiteboard: ldap
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-16 19:20 UTC by amogh
Modified: 2016-08-24 13:51 UTC (History)
7 users (show)

Fixed In Version: 5.6.0.8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-29 16:02:51 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1348 0 normal SHIPPED_LIVE CFME 5.6.0 bug fixes and enhancement update 2016-06-29 18:50:04 UTC

Description amogh 2016-05-16 19:20:11 UTC
Description of problem:
When the system is binding with CloudForms we are seeing that the password is being logged in plain text.

Version-Release number of selected component (if applicable):
5.6.0.6-beta2.5.20160511140943_ff75fb2

How reproducible:
always

Steps to Reproduce:
1. configure authentication mode to ldap
2. specify all the ldap details in cfme web ui and validate the ldap configurations and save.
3. monitor the evm.log, observe that the password logged as plain text.

Actual results:
Password logged as plain text.

Expected results:
Password needs to be filtered/masked in the logs.

Additional info:
192.168.100.137> grep bind_pwd evm.log
[----] I, [2016-05-16T15:10:39.044372 #12466:83d998]  INFO -- :     :bind_pwd: <PLAIN TEXT>

Comment 3 CFME Bot 2016-05-19 17:05:46 UTC
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/95b35b7adcc82a42f2a97c6f2240ff874665ea3c

commit 95b35b7adcc82a42f2a97c6f2240ff874665ea3c
Author:     Joe VLcek <jvlcek@redhat.com>
AuthorDate: Wed May 18 17:46:13 2016 -0400
Commit:     Joe VLcek <jvlcek@redhat.com>
CommitDate: Wed May 18 17:50:24 2016 -0400

    Update #log_hases to handle Set object filters
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1336541

 gems/pending/spec/util/vmdb-logger_spec.rb | 8 ++++++++
 gems/pending/util/vmdb-logger.rb           | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

Comment 4 amogh 2016-06-01 13:36:42 UTC
verified in 5.6.0.8-rc1.20160524155303_f2a5a50
Issue not reproducible.

[root@host-192-168-55-6 log]# grep -ir <PASSWORD> .
[root@host-192-168-55-6 log]#

Additional logs attached.

Comment 7 errata-xmlrpc 2016-06-29 16:02:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348


Note You need to log in before you can comment on or make changes to this bug.