Cleartext password from user.log is not masked in collected logs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
João Victor Portal |
Bug Description
Brief Description
-----------------
The collect tool doesn't mask public/private registry passwords in "/var/log/user.log" file.
Severity
--------
Minor
Steps to Reproduce
------------------
Deploy an AIOSX using a public/private registry with user and password. The following log will appear in "/var/log/
2021-12-
2021-12-
Use the command "collect all" to gather the logs.
Expected Behavior
------------------
The password "regpass" should be masked in the collected files.
Actual Behavior
----------------
The password "regpass" is not masked in the collected files.
Reproducibility
---------------
100% Reproducible.
System Configuration
-------
Any.
Branch/Pull Time/Commit
-------
N/A.
Last Pass
---------
N/A.
Timestamp/Logs
--------------
N/A.
Test Activity
-------------
N/A.
Workaround
----------
N/A.
summary: |
- Cleartext password from user.log are not masked in collected logs + Cleartext password from user.log is not masked in collected logs |
Changed in starlingx: | |
status: | New → In Progress |
Changed in starlingx: | |
assignee: | nobody → João Victor Portal (jvictorp) |
tags: | added: stx.security |
tags: | added: stx.7.0 |
screening: would be nice to fix, but will not gate the upcoming stx.6.0 release.