Bug 1634808 - Password hashes in Automate Log
Summary: Password hashes in Automate Log
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Automate
Version: 5.9.3
Hardware: All
OS: Linux
high
high
Target Milestone: GA
: 5.9.5
Assignee: Lucy Fu
QA Contact: Dmitry Misharov
Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On: 1619385
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-10-01 16:51 UTC by Satoe Imaishi
Modified: 2018-11-05 14:00 UTC (History)
10 users (show)

Fixed In Version: 5.9.5.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1619385
Environment:
Last Closed: 2018-11-05 13:59:40 UTC
Category: ---
Cloudforms Team: ---


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3466 None None None 2018-11-05 14:00:11 UTC

Comment 3 CFME Bot 2018-10-01 17:42:46 UTC
New commit detected on ManageIQ/manageiq-gems-pending/gaprindashvili:

https://github.com/ManageIQ/manageiq-gems-pending/commit/3707a9a85a9b93325e566a7dbe1cdcb01f1c55cc
commit 3707a9a85a9b93325e566a7dbe1cdcb01f1c55cc
Author:     Brandon Dunne <brandondunne@hotmail.com>
AuthorDate: Tue Sep 25 14:52:08 2018 -0400
Commit:     Brandon Dunne <brandondunne@hotmail.com>
CommitDate: Tue Sep 25 14:52:08 2018 -0400

    Merge pull request #373 from lfu/password_log_1619385

    Changes to MiqPassword.sanitize_string to support URL encoded password.

    (cherry picked from commit 2fa61e91ce5eeba1dc969e38c76faaee61cb7eb6)

    https://bugzilla.redhat.com/show_bug.cgi?id=1634808

 lib/gems/pending/util/miq-password.rb | 7 +-
 spec/util/miq-password_spec.rb | 6 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

Comment 4 CFME Bot 2018-10-01 17:51:21 UTC
New commits detected on ManageIQ/manageiq/gaprindashvili:

https://github.com/ManageIQ/manageiq/commit/043a181fe873034556cd0783bef4e71ab8d0e8fa
commit 043a181fe873034556cd0783bef4e71ab8d0e8fa
Author:     Greg McCullough <gmccullo@redhat.com>
AuthorDate: Thu Sep 13 17:16:52 2018 -0400
Commit:     Greg McCullough <gmccullo@redhat.com>
CommitDate: Thu Sep 13 17:16:52 2018 -0400

    Merge pull request #17986 from lfu/password_log_1619385

    Add regex for dialog password fields.

    (cherry picked from commit cadcbc726d83f8a6e87421f48aa0b1c8f0ccff46)

    https://bugzilla.redhat.com/show_bug.cgi?id=1634808

 app/models/miq_request_workflow.rb | 2 +-
 spec/models/miq_request_workflow_spec.rb | 6 +
 2 files changed, 7 insertions(+), 1 deletion(-)


https://github.com/ManageIQ/manageiq/commit/0f7e2841503386353759597323761eee76aefd10
commit 0f7e2841503386353759597323761eee76aefd10
Author:     Greg McCullough <gmccullo@redhat.com>
AuthorDate: Thu Sep 27 14:39:57 2018 -0400
Commit:     Greg McCullough <gmccullo@redhat.com>
CommitDate: Thu Sep 27 14:39:57 2018 -0400

    Merge pull request #18028 from lfu/password_log_2_1619385

    Hide the password values in the log messages.

    (cherry picked from commit 4aee0f3931a86a3b68f8305ee7d56c78df91b056)

    https://bugzilla.redhat.com/show_bug.cgi?id=1634808

 app/models/manageiq/providers/embedded_ansible/automation_manager/playbook.rb | 3 +-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comment 5 CFME Bot 2018-10-01 17:54:02 UTC
New commit detected on ManageIQ/manageiq-automation_engine/gaprindashvili:

https://github.com/ManageIQ/manageiq-automation_engine/commit/2452d0e82324067fb18782805ff5ad2872744fdf
commit 2452d0e82324067fb18782805ff5ad2872744fdf
Author:     Madhu Kanoor <mkanoor@redhat.com>
AuthorDate: Mon Sep 24 16:44:14 2018 -0400
Commit:     Madhu Kanoor <mkanoor@redhat.com>
CommitDate: Mon Sep 24 16:44:14 2018 -0400

    Merge pull request #228 from lfu/password_log_1619385

    Clean up the password field and value in automate and evm.log

    (cherry picked from commit f294b5636db07acfea58391230a7e8e41be73b1b)

    https://bugzilla.redhat.com/show_bug.cgi?id=1634808

 lib/miq_automation_engine/engine/miq_ae_engine.rb | 10 +-
 lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_domain_search.rb | 2 +-
 lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_object.rb | 6 +-
 lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_workspace_runtime.rb | 2 +-
 lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service.rb | 2 +-
 5 files changed, 13 insertions(+), 9 deletions(-)

Comment 7 Dmitry Misharov 2018-10-12 11:25:15 UTC
Fixed and verified in 5.9.5.1.20181008190812_3752291. Passwords hashes are not shown in the logs, "*" characters shown instead.

Comment 9 errata-xmlrpc 2018-11-05 13:59:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3466


Note You need to log in before you can comment on or make changes to this bug.