Bug 20610

Summary: UDM password visible in process list
Product: UCS
Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: UDM - CLI
Assignee: UMC maintainers <umc-maintainers>
Status: REOPENED ---
QA Contact:
Severity: normal
Priority: P5
CC: best, gohmann, oyen, santiago, walkenhorst
Version: UCS 4.4   
Target Milestone: UCS 3.2-x   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=20611
https://forge.univention.org/bugzilla/show_bug.cgi?id=40422
https://forge.univention.org/bugzilla/show_bug.cgi?id=32984
https://forge.univention.org/bugzilla/show_bug.cgi?id=31996
https://forge.univention.org/bugzilla/show_bug.cgi?id=46842
What kind of report is it?: Security Issue
What type of bug is this?: ---

Description Sönke Schwardt-Krummrich univentionstaff 2010-11-05 11:14:05 CET
Currently, the password passed to the UDM CLI is visible in the process list if one was specified.

$ ps axww | grep udm
/usr/bin/python2.4 /usr/sbin/udm users/user list --binddn cn=qamaster,cn=dc,cn=computers,dc=univention,dc=qa --bindpw F0NNsopR

(Incomplete) list of possible solutions:
- UDM removes the password from the process list (ldapsearch does this too)
- UDM is passed the password via a file
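
The exposure reported above and the file-based alternative from the list of possible solutions, as an added example that is not part of the original report or of UDM's code. A sleeping child process stands in for the CLI call; `read_bind_password` and `--example-pwfile` are hypothetical names, the secret is a constructed value, and Linux `/proc` is assumed.

```python
import os
import stat
import subprocess
import sys
import tempfile

SLEEPER = "import time; time.sleep(30)"  # stand-in for a long-running CLI call

def child_argv(extra_args):
    """Start a child with extra_args and return its argv as /proc exposes it."""
    child = subprocess.Popen([sys.executable, "-c", SLEEPER] + list(extra_args))
    try:
        # /proc/<pid>/cmdline is world-readable by default; ps reads the same data.
        with open(f"/proc/{child.pid}/cmdline", "rb") as f:
            return [a.decode() for a in f.read().split(b"\0") if a]
    finally:
        child.kill()
        child.wait()

def read_bind_password(path):
    """Read the password from the first line of a file only its owner can access."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # do not follow symlinks
    with os.fdopen(fd, "r") as f:
        st = os.fstat(f.fileno())  # check the file that was actually opened
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path} is not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is accessible by group or others")
        return f.readline().rstrip("\n")

def demo():
    secret = "constructed-example-secret"  # constructed sample value
    via_argv = child_argv(["--bindpw", secret])  # the pattern from the report
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        os.write(fd, secret.encode() + b"\n")
        os.close(fd)
        # --example-pwfile is a hypothetical option name, not a UDM flag
        via_file = child_argv(["--example-pwfile", path])
        loaded = read_bind_password(path)
    finally:
        os.unlink(path)
    return secret in via_argv, secret in via_file, loaded == secret

if __name__ == "__main__":
    print(demo())
```

With the file-based variant only the path appears in the process list, so the file's permissions become the control that protects the password.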
Comment 1 Janek Walkenhorst univentionstaff 2013-07-03 17:05:57 CEST
(In reply to Sönke Schwardt-Krummrich from comment #0)
> - UDM removes the password from the process list (ldapsearch does this too)
This is not actually a solution, see Bug #20611
Comment 2 Stefan Gohmann univentionstaff 2016-04-25 07:52:05 CEST
This issue has been filed against UCS 2.4.

UCS 2.4 is out of maintenance and many UCS components have vastly changed in
later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug".
In this case please provide detailed information on how this issue is affecting
you.
Comment 3 Stefan Gohmann univentionstaff 2019-01-03 07:18:08 CET
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.