OpenStack Dashboard (Horizon)

clear text passwords shown in log file at DEBUG level

Bug #1327935 reported by Giulio Fidente on 2014-06-09

This bug report is a duplicate of: Bug #1004114: Password logging. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Incomplete	Undecided	Unassigned

Bug Description

horizon seems to be printing in the log file the passwords in clear text at the DEBUG level

Revision history for this message

Julie Pichon (jpichon) wrote on 2014-06-09:

Could you specify which loggers are logging in clear text? If it's coming from the keystone client, I suspect this may be a duplicate of bug 1004114. Looking at the patch history, it doesn't look like the keystone client part of the fix was ever merged...

Changed in horizon:
status:	New → Incomplete

Revision history for this message

Giulio Fidente (gfidente) wrote on 2014-06-09:

confirmed, this is from keystone client:

2014-06-09 08:41:36,538 1748 DEBUG openstack_auth.backend Beginning user authentication for user "admin".
2014-06-09 08:41:36,538 1748 DEBUG keystoneclient.session REQ: curl -i -X POST http://192.168.4.2:5000/v2.0/tokens -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-keystoneclient" -d '{"auth": {"passwordCredentials": {"username": "admin", "password": "wrongpass"}}}'

Revision history for this message

Julie Pichon (jpichon) wrote on 2014-06-09:

Thanks for the reply, I will mark this as a duplicate of bug 1004114.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1004114 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.