View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001275 | bareos-core | General | public | 2020-10-16 17:28 | 2020-10-16 17:28 |
Reporter | roos | Assigned To | |||
Priority | high | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Platform | Linux | OS | CentOS | OS Version | 7 |
Product Version | 19.2.8 | ||||
Summary | 0001275: Credentials of LDAP plugin are logged / leaked when error occurs | ||||
Description | If an error occurs while trying to perform an LDAP backup, the complete credentials for the bind are logged to bconsole / webui. Example leakage log: `2020-10-16 17:23:53 backup.xx.yy-fd JobId 42531: Fatal error: Plugin Directory not defined. Cannot use plugin: "python:module_path=/usr/lib64/bareos/plugins:module_name=bareos-fd-ldap:uri=ldaps\://ldap.example.com:basedn=dc=example,dc=com:bind_dn=cn=admin,dc=example,dc=com:password=AdminExamplePassWordYouShouldNotSee!"` Maybe read the credentials / binding setup from a separate config file, so it is not logged anymore. | ||||
Steps To Reproduce | I saw it on config errors. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2020-10-16 17:28 | roos | New Issue |
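
The leak reported above comes from the whole plugin option string, password included, being written into an error message. The following is an added example, not part of the report and not Bareos code, that sketches one mitigation: masking sensitive options before a message is emitted. The names `redact_plugin_options`, `PluginSecretFilter` and `SENSITIVE_KEYS` are hypothetical, and the code assumes the plugin definition appears in double quotes and starts with `python:`, as in the reported log line.

```python
import logging
import re

# Assumption: option names whose values must never reach a log line.
SENSITIVE_KEYS = {"password"}
MASK = "********"
# Options are ':'-separated; a literal colon inside a value is written '\:'.
_FIELD_SEP = re.compile(r"(?<!\\):")
# A quoted plugin definition inside a message, as in the report's log line.
_QUOTED_PLUGIN = re.compile(r'"(python:[^"]*)"')


def redact_plugin_options(option_string, sensitive=SENSITIVE_KEYS):
    """Return option_string with the values of sensitive keys masked."""
    fields = _FIELD_SEP.split(option_string)
    for i, field in enumerate(fields):
        key, sep, _value = field.partition("=")
        if sep and key.lower() in sensitive:
            fields[i] = key + "=" + MASK
    return ":".join(fields)


class PluginSecretFilter(logging.Filter):
    """Masks secrets in quoted plugin definitions before a record is emitted."""
    def filter(self, record):
        text = record.getMessage()
        record.msg = _QUOTED_PLUGIN.sub(
            lambda m: '"' + redact_plugin_options(m.group(1)) + '"', text)
        record.args = ()
        return True


# Constructed sample modelled on the log line in the report (fake secret).
SAMPLE = ('Fatal error: Plugin Directory not defined. Cannot use plugin: '
          '"python:module_path=/usr/lib64/bareos/plugins:module_name=bareos-fd-ldap'
          ':uri=ldaps\\://ldap.example.com:basedn=dc=example,dc=com'
          ':bind_dn=cn=admin,dc=example,dc=com:password=NotARealSecret\\:x"')


def demo():
    """Log SAMPLE through the filter and return the text that was emitted."""
    emitted = []
    handler = logging.Handler()
    handler.emit = lambda record: emitted.append(record.getMessage())
    handler.addFilter(PluginSecretFilter())
    logger = logging.getLogger("redaction-demo")
    logger.addHandler(handler)
    logger.error(SAMPLE)
    logger.removeHandler(handler)
    return emitted[0]
```

Splitting only on unescaped colons matters here: a password containing `\:` would otherwise be cut in two and its tail would still reach the log.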