[
https://issues.apache.org/jira/browse/ZOOKEEPER-1917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978056#comment-13978056
]
Flavio Junqueira commented on ZOOKEEPER-1917:
---------------------------------------------
This is what I get when using this setAcl command with the cli:
{noformat}
setAcl /test-acl digest:super:/qrRr7/v21dMo0iDVdd2lttJEyw=:cdrwa
{noformat}
First, what goes into the transaction log and I extract with logformatter:
{noformat}
23/04/14 11:28:26 BST session 0x1458e0f5a130001 cxid 0xd zxid 0x1f setACL
'/test-acl,v{s{31,s{'digest,'super:/qrRr7/v21dMo0iDVdd2lttJEyw=}}},1
{noformat}
I also get this log message, but the encoding seems to be incorrect:
{noformat}
2014-04-23 11:28:26,120 [myid:] - DEBUG [ProcessThread(sid:0
cport:-1)::PrepRequestProcessor@305] - Client credentials: ['ip,'127.0.0.1
, 'digest,'super:Aayiuo6ORq4pteRsUdo6sM7mmf4=
]
{noformat}
> Apache Zookeeper logs cleartext admin passwords
> -----------------------------------------------
>
> Key: ZOOKEEPER-1917
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1917
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: Flavio Junqueira
> Priority: Blocker
> Fix For: 3.4.7, 3.5.0
>
>
> Check the CVE entry for a description:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085
--
This message was sent by Atlassian JIRA
(v6.2#6252)
