View Issue Details

IDProjectCategoryView StatusLast Update
0001275bareos-coreGeneralpublic2023-09-12 16:35
Reporterroos Assigned Tobruno-at-bareos  
Status closedResolutionfixed 
PlatformLinuxOSCentOSOS Version7
Product Version19.2.8 
Summary0001275: Credentials of LDAP plugin are logged / leaked when error occurs
DescriptionIf an error occurs while trying to perform a LDAP backup, the complete credentials for the bind are logged to bconsole / webui.

Example leakage log:

2020-10-16 17:23:53 backup.xx.yy-fd JobId 42531: Fatal error: Plugin Directory not defined. Cannot use plugin: "python:module_path=/usr/lib64/bareos/plugins:module_name=bareos-fd-ldap:uri=ldaps\://,dc=com:bind_dn=cn=admin,dc=example,dc=com:password=AdminExamplePassWordYouShouldNotSee!"

Maybe read the credentials / binding setup from a separate config file, so it is not logged anymore.
Steps To ReproduceI saw it on config errors.
TagsNo tags attached.




2023-08-02 19:12

manager   ~0005312

The change to hide the password in the JobMessage look trivial to implement. Volunteer to make a community github PR ?


2023-09-12 16:35

manager   ~0005422

no return, please test new python3 version of the plugin and reopen a new ticket if needed.

Issue History

Date Modified Username Field Change
2020-10-16 17:28 roos New Issue
2023-08-02 19:12 bruno-at-bareos Assigned To => bruno-at-bareos
2023-08-02 19:12 bruno-at-bareos Status new => feedback
2023-08-02 19:12 bruno-at-bareos Note Added: 0005312
2023-09-12 16:35 bruno-at-bareos Status feedback => closed
2023-09-12 16:35 bruno-at-bareos Resolution open => fixed
2023-09-12 16:35 bruno-at-bareos Note Added: 0005422