View Issue Details

ID: 0001275
Project: bareos-core
Category: [All Projects] General
View Status: public
Last Update: 2020-10-16 17:28
Reporter: roos
Assigned To:
Priority: high
Severity: major
Reproducibility: always
Status: new
Resolution: open
Platform: Linux
OS: CentOS
OS Version: 7
Product Version: 19.2.8
Fixed in Version:
Summary: 0001275: Credentials of LDAP plugin are logged / leaked when error occurs
Description: If an error occurs while trying to perform an LDAP backup, the complete credentials for the bind are logged to bconsole / webui.

Example leakage log:

2020-10-16 17:23:53 backup.xx.yy-fd JobId 42531: Fatal error: Plugin Directory not defined. Cannot use plugin: "python:module_path=/usr/lib64/bareos/plugins:module_name=bareos-fd-ldap:uri=ldaps\://ldap.example.com:basedn=dc=example,dc=com:bind_dn=cn=admin,dc=example,dc=com:password=AdminExamplePassWordYouShouldNotSee!"


Maybe read the credentials / binding setup from a separate config file, so it is not logged anymore.
Steps To Reproduce: I saw it on config errors.
Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-10-16 17:28 roos New Issue
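
One way to keep the bind password out of such messages is to mask sensitive options in the plugin definition string before it is written to a log. The following is an added example, not Bareos code and not part of the original report; the function names, the list of sensitive keys, and the assumption that a backslash escapes the next character (as in `ldaps\://` above) are illustrative.

```python
import re

# Assumption: option names whose values must never reach a log.
SENSITIVE_KEYS = frozenset({"password", "passwd", "secret", "token"})
MASK = "********"


def split_options(plugin_string):
    """Split on ':' while treating backslash as an escape (as in 'ldaps\\://')."""
    fields, current, i = [], [], 0
    while i < len(plugin_string):
        ch = plugin_string[i]
        if ch == "\\" and i + 1 < len(plugin_string):
            current.append(plugin_string[i:i + 2])  # keep the escape pair verbatim
            i += 2
            continue
        if ch == ":":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    fields.append("".join(current))
    return fields


def redact_plugin_options(plugin_string, sensitive_keys=SENSITIVE_KEYS):
    """Mask the value of every sensitive key=value option, leaving the rest intact."""
    out = []
    for field in split_options(plugin_string):
        # Split on the first '=' only: values such as basedn contain '=' themselves.
        key, sep, _value = field.partition("=")
        if sep and key.strip().lower() in sensitive_keys:
            out.append(f"{key}={MASK}")
        else:
            out.append(field)
    return ":".join(out)


def redact_log_message(message):
    """Redact plugin definitions that appear double-quoted inside a log message."""
    return re.sub(r'"([^"]*)"',
                  lambda m: '"' + redact_plugin_options(m.group(1)) + '"', message)


# Constructed sample modelled on the log line in this report.
SAMPLE = (r'Fatal error: Cannot use plugin: "python:module_name=bareos-fd-ldap:'
          r'uri=ldaps\://ldap.example.com:basedn=dc=example,dc=com:'
          r'bind_dn=cn=admin,dc=example,dc=com:password=Not\:ForLogs!"')
```

A password containing an unescaped `:` or a `"` would not be fully covered by this masking, which is one reason reading the bind credentials from a separate file, as suggested in the description, is the more robust fix.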