activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-927) ActiveMQ logs cluster password in plain text
Date Tue, 17 Jan 2017 19:28:26 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15826657#comment-15826657
] 

ASF subversion and git services commented on ARTEMIS-927:
---------------------------------------------------------

Commit 68c4e508472362ffccf6b15f43523b505ff3bc11 in activemq-artemis's branch refs/heads/master
from [~jbertram]
[ https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;h=68c4e50 ]

ARTEMIS-927 mask password in CreateSessionMessage


> ActiveMQ logs cluster password in plain text
> --------------------------------------------
>
>                 Key: ARTEMIS-927
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-927
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Dmitrii Tikhomirov
>            Assignee: Justin Bertram
>             Fix For: 2.0.0, 1.5.x
>
>
> Artemis logs cluster-password in plain text in trace logs - search for "password=123456":
> {code}
> standalone/log/server-trace.log:11:40:28,348 TRACE [org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl]
(Thread-2 (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, packetObject=CreateSessionMessage,
autoCommitAcks=true, autoCommitSends=true, defaultAddress=null, minLargeMessageSize=102400,
name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, preAcknowledge=true, sessionChannelID=10,
username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, xa=false]
> standalone/log/server-trace.log:11:40:28,400 TRACE [org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl]
(Thread-3 (activemq-netty-threads-1775061070)) handling packet PACKET(CreateSessionMessage)[type=30,
channelID=1, packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true,
defaultAddress=null, minLargeMessageSize=102400, name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc,
password=123456, preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER,
version=128, windowSize=1048576, xa=false]
> {code}
> Password could be leaked in this way and should be replaced by "*****"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message