jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arvind Nadendla (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-958) HttpResponseException prints username and password involved in request
Date Fri, 10 Jul 2015 10:54:04 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14622143#comment-14622143

Arvind Nadendla commented on JCLOUDS-958:

request.getPayload().getRawContent() is causing the printing of the username and password.

org.jclouds.openstack.keystone.v2_0.binders.BindAuthToJsonPayload.bindToRequest(R, Map<String,
Object>) is converting the PasswordCredentials to json and putting it in the request

hope this helps to narrow down the issue


> HttpResponseException prints username and password involved in request
> ----------------------------------------------------------------------
>                 Key: JCLOUDS-958
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-958
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-core
>    Affects Versions: 1.9.0
>         Environment: Any. Attempting to communicate to a openstack keystone server on
Ubuntu with wrong credentials
>            Reporter: Arvind Nadendla
>              Labels: logging, security
> When trying to communicate with a server with an invalid credentials, I will get an error
that contains the username and password used in the request.
> This is an important security issue as the username and password are revealed in plain
text. There might be other places where sensitive information is exposed. 
> ================================================
> Caused by: org.jclouds.http.HttpResponseException: request: POST https://x.x.x.x:5000/v2.0/tokens
HTTP/1.1  [{"auth":{"passwordCredentials":{"username":"admin","password":"admin"},"tenantName":"demo"}}]
failed with response: HTTP/1.1 401 Unauthorized
> 	at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)

This message was sent by Atlassian JIRA

View raw message