Logging authentication tokens in debug while using proxy commands or network namespaces
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Sahara | Fix Released | High | Michael McCune | |
Juno | Fix Released | High | Michael McCune | |
Kilo | Fix Released | High | Michael McCune | |
Bug Description
Under some conditions sahara will log authentication tokens while in debug mode. This can occur when the sahara server is configured to use proxy commands or network namespaces to communicate with its cluster nodes.
The offending code can be found in sahara/
ctx = context.current()
Although this is a corner case for sahara operation, and it will only occur while the server is in debug mode, this log message should be changed to remove the sensitive information.
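The failure mode described above, as an added example that is not part of the original report and is not sahara's code: a debug message that formats a whole request context leaks the token, the corrected call logs only non-secret fields, and a logging filter masks the token as a backstop. `Context`, the function names, the host and the token value are hypothetical and constructed for illustration.

```python
import io
import logging
from dataclasses import dataclass


@dataclass
class Context:  # hypothetical stand-in for a request context, not sahara's class
    auth_token: str
    tenant_id: str


# Constructed sample value, not a real token.
SAMPLE_CTX = Context(auth_token="constructed-token-0000", tenant_id="demo")


class RedactTokenFilter(logging.Filter):
    """Defence in depth: mask a known secret in any formatted record."""

    def __init__(self, secret):
        super().__init__()
        self.secret = secret

    def filter(self, record):
        msg = record.getMessage()
        if self.secret and self.secret in msg:
            record.msg, record.args = msg.replace(self.secret, "***"), None
        return True


def make_logger(name, extra_filter=None):
    """Return (logger, buffer) with DEBUG output captured in memory."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    if extra_filter is not None:
        handler.addFilter(extra_filter)
    log = logging.getLogger(name)
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.DEBUG)
    return log, buf


def log_connection_leaky(log, ctx, host):
    # Before: the dataclass repr includes auth_token, so it lands in the log.
    log.debug("Connecting to %s via proxy, context: %s", host, ctx)


def log_connection_fixed(log, ctx, host):
    # After: log only the non-secret fields needed for troubleshooting.
    log.debug("Connecting to %s via proxy, tenant: %s", host, ctx.tenant_id)
```

The filter only catches a secret it has been given in advance, so changing the log call itself remains the primary fix.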
information type: Private Security → Public Security
Changed in sahara: importance: Undecided → High
Changed in sahara: status: Fix Committed → Fix Released
Changed in sahara: milestone: liberty-3 → 3.0.0
adding a patch to resolve this issue by removing the token from the logs