View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001275 | bareos-core | General | public | 2020-10-16 17:28 | 2020-10-16 17:28 |
| Reporter | roos | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | Linux | OS | CentOS | OS Version | 7 |
| Product Version | 19.2.8 | ||||
| Summary | 0001275: Credentials of LDAP plugin are logged / leaked when error occurs | ||||
| Description | If an error occurs while trying to perform a LDAP backup, the complete credentials for the bind are logged to bconsole / webui. Example leakage log: 2020-10-16 17:23:53 backup.xx.yy-fd JobId 42531: Fatal error: Plugin Directory not defined. Cannot use plugin: "python:module_path=/usr/lib64/bareos/plugins:module_name=bareos-fd-ldap:uri=ldaps\://ldap.example.com:basedn=dc=example,dc=com:bind_dn=cn=admin,dc=example,dc=com:password=AdminExamplePassWordYouShouldNotSee!" Maybe read the credentials / binding setup from a separate config file, so it is not logged anymore. | ||||
| Steps To Reproduce | I saw it on config errors. | ||||
| Tags | No tags attached. | ||||
| bareos-master: impact | |||||
| bareos-master: action | |||||
| bareos-19.2: impact | |||||
| bareos-19.2: action | |||||
| bareos-18.2: impact | |||||
| bareos-18.2: action | |||||
| bareos-17.2: impact | |||||
| bareos-17.2: action | |||||
| bareos-16.2: impact | |||||
| bareos-16.2: action | |||||
| bareos-15.2: impact | |||||
| bareos-15.2: action | |||||
| bareos-14.2: impact | |||||
| bareos-14.2: action | |||||
| bareos-13.2: impact | |||||
| bareos-13.2: action | |||||
| bareos-12.4: impact | |||||
| bareos-12.4: action | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-10-16 17:28 | roos | New Issue |
