[jira] Assigned: (DIRSERVER-1544) Logs store the user password in clear

Kiran Ayyagari (JIRA) Wed, 01 Sep 2010 22:26:22 -0700

     [ 
https://issues.apache.org/jira/browse/DIRSERVER-1544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kiran Ayyagari reassigned DIRSERVER-1544:
-----------------------------------------

    Assignee: Kiran Ayyagari

> Logs store the user password in clear
> -------------------------------------
>
>                 Key: DIRSERVER-1544
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1544
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.7
>            Reporter: Emmanuel Lecharny
>            Assignee: Kiran Ayyagari
>            Priority: Blocker
>             Fix For: 2.0.0-RC1
>
>
> When issuing a BindRequest with DEBUG log activated, the logs contain the 
> user password :
> [11:02:51] DEBUG [org.apache.directory.server.ldap.handlers.BindHandler] - 
> Received:     BindRequest
>         Version : '3'
>         Name : 'uid=elecharny,ou=People,dc=iktek,dc=com'
>         Simple authentication : 'My password/0x...'
> This is a bit an issue, IMO...
> Of course, if we dump the PDU, we will be able to get those info too, but 
> it's not really safe anyway.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (DIRSERVER-1544) Logs store the user password in clear

Reply via email to