Univention Bugzilla – Bug 31053
Plain password in listener.log with debug 4
Last modified: 2013-06-27 16:05:19 CEST
The listener.log logs the plain password of the binddn when using debug level 4 - as this is already hidden for another debug message, this should be adjusted: "15.04.13 02:01:25.226 LISTENER ( INFO ) : setting data for all handlers: key=bindpw value=<PLAIN PASSWORD>" "15.04.13 02:01:25.226 LISTENER ( INFO ) : replication: listener passed key="bindpw" value="<HIDDEN>""
(In reply to Tim Petersen from comment #0) The first message is from the listener, while the second message is from the replication module. The listener has been changed to hide "bindpw" as well: # grep bindpw /var/log/univention/listener.log 25.06.13 09:17:55.690 LISTENER ( INFO ) : setting data for all handlers: key=bindpw value=<HIDDEN> 25.06.13 09:17:55.690 LISTENER ( INFO ) : pkgdb-watch: listener passed key="bindpw" value="<HIDDEN>" UCS-3.2-0: svn41644 univention-directory-listener_8.0.0-1.202.201306250908 ChangeLog: svn41644 \item The password is hidden from the logfile on high debug levels (\ucsBug{31053}). UCS-3.1-1-errata: svn41646 univention-directory-listener_7.0.9-1.203.201306250914 2013-06-25-univention-directory-listener.yaml svn41647
Verified, changelog wording adjusted slightly.
http://errata.univention.de/ucs/3.1/132.html