[jira] [Commented] (ARTEMIS-927) ActiveMQ logs cluster password in plain text

Tue, 17 Jan 2017 09:45:53 -0800 

    [ 
https://issues.apache.org/jira/browse/ARTEMIS-927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15826472#comment-15826472
 ] 

ASF GitHub Bot commented on ARTEMIS-927:
----------------------------------------

GitHub user treblereel opened a pull request:

    https://github.com/apache/activemq-artemis/pull/966

    ARTEMIS-927 ActiveMQ logs cluster password in plain text

    JIRA: https://issues.apache.org/jira/browse/ARTEMIS-927

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/treblereel/activemq-artemis-wildfly 
ARTEMIS-927

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/activemq-artemis/pull/966.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #966
    
----
commit e7bf61f9c094415f9dacf18e4580123a261396bd
Author: Dmitrii Tikhomirov <[email protected]>
Date:   2017-01-17T17:43:18Z

    ARTEMIS-927 ActiveMQ logs cluster password in plain text

----


> ActiveMQ logs cluster password in plain text
> --------------------------------------------
>
>                 Key: ARTEMIS-927
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-927
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Dmitrii Tikhomirov
>            Assignee: Justin Bertram
>             Fix For: 2.0.0, 1.5.x
>
>
> Artemis logs cluster-password in plain text in trace logs - search for 
> "password=123456":
> {code}
> standalone/log/server-trace.log:11:40:28,348 TRACE 
> [org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2 
> (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
>  Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, 
> packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
> defaultAddress=null, minLargeMessageSize=102400, 
> name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, 
> preAcknowledge=true, sessionChannelID=10, 
> username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, 
> xa=false]
> standalone/log/server-trace.log:11:40:28,400 TRACE 
> [org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl] 
> (Thread-3 (activemq-netty-threads-1775061070)) handling packet 
> PACKET(CreateSessionMessage)[type=30, channelID=1, 
> packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
> defaultAddress=null, minLargeMessageSize=102400, 
> name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456, 
> preAcknowledge=true, sessionChannelID=10, 
> username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, 
> xa=false]
> {code}
> Password could be leaked in this way and should be replaced by "*****"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to