From: "Michael Han (JIRA)"
To: dev@zookeeper.apache.org
Date: Mon, 2 May 2016 23:26:12 +0000 (UTC)
Subject: [jira] [Updated] (ZOOKEEPER-2405) getTGT() in Login.java mishandles confidential information

[ https://issues.apache.org/jira/browse/ZOOKEEPER-2405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Han updated ZOOKEEPER-2405:
-----------------------------------
    Attachment: ZOOKEEPER-2405.patch

Attach a patch for the fix.
I think it is reasonable to log the client and server principals for debugging, as these should not be considered sensitive information (compared to other fields in the TGT such as the ticket session key), and logging them might be more helpful than completely removing them from a debugging point of view. Regarding the debug output from Kerberos itself when debugging is enabled (by setting debug to true in both jaas.conf and in the JVM), the output does not contain anything specific related to the TGT, except the client / server principals.

[~phunt] PTAL

> getTGT() in Login.java mishandles confidential information
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-2405
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2405
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: kerberos, security, server
>    Affects Versions: 3.4.8, 3.5.1, 3.6.0
>            Reporter: Patrick Hunt
>            Priority: Blocker
>             Fix For: 3.4.9, 3.5.2, 3.6.0
>
>         Attachments: ZOOKEEPER-2405.patch
>
>
> We're logging the kerberos ticket when in debug mode, probably not the best idea. This was identified as a "critical" issue by Fortify.
> {noformat}
> for(KerberosTicket ticket: tickets) {
>     KerberosPrincipal server = ticket.getServer();
>     if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
>         LOG.debug("Found tgt " + ticket + ".");
>         return ticket;
>     }
> }
> {noformat}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
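The change the comment above proposes, as an added Java example that is not the attached ZooKeeper patch: the same TGT lookup loop from the issue, with the debug statement logging only the client and server principals instead of the whole KerberosTicket. The class name, the slf4j logger and the Subject parameter are assumptions.

```java
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Hypothetical helper (not ZooKeeper's Login.java) showing the hardened
 * form of the getTGT() loop quoted in ZOOKEEPER-2405.
 */
public final class TgtLookup {
    private static final Logger LOG = LoggerFactory.getLogger(TgtLookup.class);

    private TgtLookup() {}

    /** Returns the TGT held by the subject, or null if there is none. */
    public static KerberosTicket getTGT(Subject subject) {
        Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
        for (KerberosTicket ticket : tickets) {
            KerberosPrincipal server = ticket.getServer();
            // A TGT is the ticket issued for krbtgt/REALM@REALM.
            if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
                // Before: LOG.debug("Found tgt " + ticket + ".");
                // KerberosTicket.toString() prints the encoded ticket and the
                // session key bytes, so only the principals are logged here.
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Found tgt for client principal {} and server principal {}.",
                              ticket.getClient().getName(), server.getName());
                }
                return ticket;
            }
        }
        return null;
    }
}
```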