1208580 – (CVE-2015-1849) CVE-2015-1849 JBoss EAP: LDAP bind password is being logged with TRACE log level

Bug 1208580 (CVE-2015-1849) - CVE-2015-1849 JBoss EAP: LDAP bind password is being logged with TRACE log level

Summary: CVE-2015-1849 JBoss EAP: LDAP bind password is being logged with TRACE log level

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-1849
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1199641
Blocks:	1209463
TreeView+	depends on / blocked

Reported:	2015-04-02 15:06 UTC by Vasyl Kaigorodov
Modified:	2021-10-21 00:43 UTC (History)
CC List:	29 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 00:43:37 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2015-04-02 15:06:04 UTC

It was reported that jboss-negotiation-extras logs LDAP bind credentials when TRACE logging is enabled:

https://bugzilla.redhat.com/show_bug.cgi?id=1199641

Comment 3 Kurt Seifried 2015-04-09 19:07:17 UTC

This issue is public:

https://github.com/wildfly-security/jboss-negotiation/pull/21

Comment 4 Timothy Walsh 2015-06-25 04:35:45 UTC

This issue has been resolved in EAP 6.4.1

Note You need to log in before you can comment on or make changes to this bug.

aileenc
asantos
bdawidow
cdewolf
chazlett
dandread
darran.lofthouse
gvarsami
jason.greene
jawilson
jcoleman
jolee
jpallich
kkhan
ldimaggi
lgao
mweiler
myarboro
nwallace
pslavice
rsvoboda
rwagner
security-response-team
tcunning
theute
tkirby
ttarrant
twalsh
vtunka