Red Hat Bugzilla – Bug 1336541
LDAP bind username and password being logged in plain text in evm.log
Last modified: 2016-08-24 09:51:58 EDT
Description of problem: When the system is binding with CloudForms we are seeing that the password is being logged in plain text. Version-Release number of selected component (if applicable): 5.6.0.6-beta2.5.20160511140943_ff75fb2 How reproducible: always Steps to Reproduce: 1. configure authentication mode to ldap 2. specify all the ldap details in cfme web ui and validate the ldap configurations and save. 3. monitor the evm.log, observe that the password logged as plain text. Actual results: Password logged as plain text. Expected results: Password needs to be filtered/masked in the logs. Additional info: 192.168.100.137> grep bind_pwd evm.log [----] I, [2016-05-16T15:10:39.044372 #12466:83d998] INFO -- : :bind_pwd: <PLAIN TEXT>
https://github.com/ManageIQ/manageiq/pull/8800
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/95b35b7adcc82a42f2a97c6f2240ff874665ea3c commit 95b35b7adcc82a42f2a97c6f2240ff874665ea3c Author: Joe VLcek <jvlcek@redhat.com> AuthorDate: Wed May 18 17:46:13 2016 -0400 Commit: Joe VLcek <jvlcek@redhat.com> CommitDate: Wed May 18 17:50:24 2016 -0400 Update #log_hases to handle Set object filters https://bugzilla.redhat.com/show_bug.cgi?id=1336541 gems/pending/spec/util/vmdb-logger_spec.rb | 8 ++++++++ gems/pending/util/vmdb-logger.rb | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-)
verified in 5.6.0.8-rc1.20160524155303_f2a5a50 Issue not reproducible. [root@host-192-168-55-6 log]# grep -ir <PASSWORD> . [root@host-192-168-55-6 log]# Additional logs attached.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348