Bug 39996 - Self service token is written to logfile
Self service token is written to logfile
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Self Service
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-0-errata
Assigned To: Daniel Tröder
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-17 12:52 CET by Sönke Schwardt-Krummrich
Modified: 2015-12-09 16:48 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2015-11-17 12:52:57 CET
For security reasons the self service token should never be written to logfiles.
Currently the token is written to a logfile (maybe only certain debug levels).
Comment 1 Daniel Tröder univentionstaff 2015-11-17 15:56:03 CET
Code changes: r65638
YAML (r65661): 2015-11-17-univention-self-service.yaml
Comment 2 Florian Best univentionstaff 2015-12-04 17:11:22 CET
Could not find any occurrence:
ucr set umc/module/debug/level=4
grep "$token" -- $(find /var/log/ -name '*.log')
Comment 3 Janek Walkenhorst univentionstaff 2015-12-09 16:48:38 CET
<http://errata.software-univention.de/ucs/4.1/24.html>