Dmitry Lysnichenko created AMBARI-6234:
------------------------------------------
Summary: Security issue - private key password show in logs
Key: AMBARI-6234
URL: https://issues.apache.org/jira/browse/AMBARI-6234
Project: Ambari
Issue Type: Bug
Components: controller
Affects Versions: 1.6.1
Reporter: Dmitry Lysnichenko
Assignee: Dmitry Lysnichenko
Priority: Critical
Fix For: 1.6.1
During generating private key and certificates using openssl password of key
shown in logs:
{noformat}
11:21:30,735 INFO [main] ShellCommandUtil:44 - Command openssl genrsa -des3
-passout pass:**** -out /var/lib/ambari-server/keys/ca.key 4096 was finished
with exit code: 0 - the operation was completely successfully.
11:21:30,750 INFO [main] ShellCommandUtil:44 - Command openssl req -passin
pass:**** -new -key /var/lib/ambari-server/keys/ca.key -out
/var/lib/ambari-server/keys/ca.csr -batch was finished with exit code: 0 - the
operation was completely successfully.
11:21:30,766 INFO [main] ShellCommandUtil:44 - Command open**** ca
-create_serial -out /var/lib/ambari-server/keys/ca.crt -days 365 -keyfile
/var/lib/ambari-server/keys/ca.key -key
vgGAzzSaCPkI3F7UU7qZZY6CahDUTSnY7B9a8TH0YiGDB10LdJ -selfsign -extensions
jdk7_ca -config /var/lib/ambari-server/keys/ca.config -batch -infiles
/var/lib/ambari-server/keys/ca.csr was finished with exit code: 0 - the
operation was completely successfully.
11:21:30,773 INFO [main] ShellCommandUtil:44 - Command openssl pkcs12 -export
-in /var/lib/ambari-server/keys/ca.crt -inkey
/var/lib/ambari-server/keys/ca.key -certfile /var/lib/ambari-server/keys/ca.crt
-out /var/lib/ambari-server/keys/keystore.p12 -password pass:**** -passin
pass:****
{noformat}
see "-key vgGAzzSaCPkI3F7UU7qZZY6CahDUTSnY7B9a8TH0YiGDB10LdJ"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
