Bug 39996

Summary: Self service token is written to logfile
Product: UCS Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: Self ServiceAssignee: Daniel Tröder <troeder>
Status: CLOSED FIXED QA Contact: Florian Best <best>
Severity: normal    
Priority: P5 CC: walkenhorst
Version: UCS 4.1   
Target Milestone: UCS 4.1-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Sönke Schwardt-Krummrich univentionstaff 2015-11-17 12:52:57 CET 
For security reasons the self service token should never be written to logfiles.
Currently the token is written to a logfile (maybe only certain debug levels).
Comment 1 Daniel Tröder univentionstaff 2015-11-17 15:56:03 CET 
Code changes: r65638
YAML (r65661): 2015-11-17-univention-self-service.yaml
Comment 2 Florian Best univentionstaff 2015-12-04 17:11:22 CET 
Could not find any occurrence:
ucr set umc/module/debug/level=4
grep "$token" -- $(find /var/log/ -name '*.log')
Comment 3 Janek Walkenhorst univentionstaff 2015-12-09 16:48:38 CET 
<http://errata.software-univention.de/ucs/4.1/24.html>