Hi Rodrigo,
What attacks are possible if this info is exposed?
I think printing the first one on debug is ok since that mode shouldn't be
enabled in production, while it might be very useful while debugging.
For the second one I could agree that we should print a sanitized warn
depending on the log level if the info we expose is a good surface for
attacks.
Regards,
Viktor
On Mon, Aug 21, 2017 at 10:17 PM, Rodrigo Andrade wrote:
> Hi all,
>
> I think Kafka should avoid printing
> SaslServerAuthenticator.credentialCache information through Log. I noticed
> that it might happen at lines 162 and 181 in SaslServerAuthentication. More
> specifically, through these lines:
>
> LOG.debug("Creating SaslServer for {} with mechanism {}", kerberosName,
> saslMechanism);
>
> LOG.warn("Cannot add private credential to subject; clients authentication
> may fail", ex);
>
> Perhaps sanitizing the information being printed would solve this issue.
>
> Best regards,
> Rodrigo Andrade
>