[
https://issues.apache.org/jira/browse/JCLOUDS-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ignasi Barrera resolved JCLOUDS-958.
------------------------------------
Resolution: Fixed
> HttpResponseException prints username and password involved in request
> ----------------------------------------------------------------------
>
> Key: JCLOUDS-958
> URL: https://issues.apache.org/jira/browse/JCLOUDS-958
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-core
> Affects Versions: 1.9.0
> Environment: Any. Attempting to communicate to a openstack keystone
> server on Ubuntu with wrong credentials
> Reporter: Arvind Nadendla
> Labels: logging, security
> Fix For: 2.0.0, 1.9.1
>
>
> When trying to communicate with a server with an invalid credentials, I will
> get an error that contains the username and password used in the request.
> This is an important security issue as the username and password are revealed
> in plain text. There might be other places where sensitive information is
> exposed.
> OUTPUT
> ================================================
> Caused by: org.jclouds.http.HttpResponseException: request: POST
> https://x.x.x.x:5000/v2.0/tokens HTTP/1.1
> [{"auth":{"passwordCredentials":{"username":"admin","password":"admin"},"tenantName":"demo"}}]
> failed with response: HTTP/1.1 401 Unauthorized
> at
> org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
