[jira] [Updated] (ARTEMIS-927) ActiveMQ logs cluster password in plain text

Dmitrii Tikhomirov (JIRA) Tue, 17 Jan 2017 09:33:59 -0800

     [ 
https://issues.apache.org/jira/browse/ARTEMIS-927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dmitrii Tikhomirov updated ARTEMIS-927:
---------------------------------------
    Description: 
Artemis logs cluster-password in plain text in trace logs - search for 
"password=123456":
{code}
standalone/log/server-trace.log:11:40:28,348 TRACE 
[org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2 
(ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
 Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, 
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
defaultAddress=null, minLargeMessageSize=102400, 
name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, 
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, 
version=128, windowSize=1048576, xa=false]

standalone/log/server-trace.log:11:40:28,400 TRACE 
[org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl] 
(Thread-3 (activemq-netty-threads-1775061070)) handling packet 
PACKET(CreateSessionMessage)[type=30, channelID=1, 
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
defaultAddress=null, minLargeMessageSize=102400, 
name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456, 
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, 
version=128, windowSize=1048576, xa=false]
{code}

Password could be leaked in this way and should be replaced by "*****"



  was:
Artemis logs cluster-password in plain text in trace logs - search for 
"password=123456":
{code}
standalone/log/server-trace.log:11:40:28,348 TRACE 
[org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2 
(ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
 Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, 
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
defaultAddress=null, minLargeMessageSize=102400, 
name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, 
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, 
version=128, windowSize=1048576, xa=false]
standalone/log/server-trace.log:11:40:28,400 TRACE 
[org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl] 
(Thread-3 (activemq-netty-threads-1775061070)) handling packet 
PACKET(CreateSessionMessage)[type=30, channelID=1, 
packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
defaultAddress=null, minLargeMessageSize=102400, 
name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456, 
preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, 
version=128, windowSize=1048576, xa=false]
{code}

Password could be leaked in this way and should be replaced by "*****"




> ActiveMQ logs cluster password in plain text
> --------------------------------------------
>
>                 Key: ARTEMIS-927
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-927
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Dmitrii Tikhomirov
>             Fix For: 1.5.x
>
>
> Artemis logs cluster-password in plain text in trace logs - search for 
> "password=123456":
> {code}
> standalone/log/server-trace.log:11:40:28,348 TRACE 
> [org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2 
> (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341))
>  Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, 
> packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
> defaultAddress=null, minLargeMessageSize=102400, 
> name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, 
> preAcknowledge=true, sessionChannelID=10, 
> username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, 
> xa=false]
> standalone/log/server-trace.log:11:40:28,400 TRACE 
> [org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl] 
> (Thread-3 (activemq-netty-threads-1775061070)) handling packet 
> PACKET(CreateSessionMessage)[type=30, channelID=1, 
> packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, 
> defaultAddress=null, minLargeMessageSize=102400, 
> name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456, 
> preAcknowledge=true, sessionChannelID=10, 
> username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, 
> xa=false]
> {code}
> Password could be leaked in this way and should be replaced by "*****"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (ARTEMIS-927) ActiveMQ logs cluster password in plain text

Reply via email to