Dmitrii Tikhomirov created ARTEMIS-927:
------------------------------------------
Summary: ActiveMQ logs cluster password in plain text
Key: ARTEMIS-927
URL: https://issues.apache.org/jira/browse/ARTEMIS-927
Project: ActiveMQ Artemis
Issue Type: Bug
Affects Versions: 1.5.0
Reporter: Dmitrii Tikhomirov
Fix For: 1.5.x
Artemis logs cluster-password in plain text in trace logs - search for
"password=123456":
{code}
standalone/log/server-trace.log:11:40:28,348 TRACE
[org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2
(ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1,
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true,
defaultAddress=null, minLargeMessageSize=102400,
name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456,
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER,
version=128, windowSize=1048576, xa=false]
standalone/log/server-trace.log:11:40:28,400 TRACE
[org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl]
(Thread-3 (activemq-netty-threads-1775061070)) handling packet
PACKET(CreateSessionMessage)[type=30, channelID=1,
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true,
defaultAddress=null, minLargeMessageSize=102400,
name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456,
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER,
version=128, windowSize=1048576, xa=false]
{code}
The password could be leaked in this way and should be replaced by "*****".
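A check that could be run over existing trace logs to find and mask entries like the ones in the report, as an added example that is not part of the original report or of the Artemis code base. The sample lines are constructed from the excerpt above, and the function names and the key=value parsing are assumptions.

```python
import re

# key=value fields as they appear in the packet's bracketed field list.
# Limitation: a password that itself contains "," or "]" is only partly matched.
PASSWORD = re.compile(r"\b(password=)([^,\]\s]*)")
USERNAME = re.compile(r"\busername=([^,\]\s]*)")
LOGGER = re.compile(r"\[([\w.$]+)\]")   # first [fully.qualified.Class] on the line
MASK = "*****"                          # replacement proposed in the report

# Constructed sample modelled on the excerpt in the report (fields shortened).
SAMPLE_LOG = "\n".join([
    "11:40:28,348 TRACE [org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] "
    "(Thread-2) Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, "
    "password=123456, preAcknowledge=true, username=ACTIVEMQ.CLUSTER.ADMIN.USER, xa=false]",
    "11:40:28,399 TRACE [example.Constructed] (Thread-2) line with no credential fields",
    "11:40:28,400 TRACE [example.Constructed] (Thread-3) PACKET(CreateSessionMessage)"
    "[type=30, password=null, username=null, xa=false]",
    "11:40:28,401 TRACE [example.Constructed] (Thread-3) PACKET(CreateSessionMessage)"
    "[type=30, password=*****, username=admin, xa=false]",
])

def _is_secret(value):
    # Empty, "null" and already-masked values are not leaks.
    return value not in ("", "null") and set(value) != {"*"}

def find_leaks(text):
    """Return one finding per cleartext password field; the secret itself is not copied."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in PASSWORD.finditer(line):
            if not _is_secret(match.group(2)):
                continue
            user, logger = USERNAME.search(line), LOGGER.search(line)
            findings.append({
                "line": line_no,
                "logger": logger.group(1) if logger else None,
                "username": user.group(1) if user else None,
                "secret_length": len(match.group(2)),
            })
    return findings

def redact(text):
    """Mask cleartext password values, leaving every other field untouched."""
    return PASSWORD.sub(
        lambda m: m.group(1) + (MASK if _is_secret(m.group(2)) else m.group(2)), text)

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG))
```

Any credential that turns up in a retained trace log should be treated as exposed and rotated, since masking the file does not undo earlier reads or copies.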