jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignasi Barrera (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (JCLOUDS-958) HttpResponseException prints username and password involved in request
Date Mon, 03 Aug 2015 08:34:05 GMT

     [ https://issues.apache.org/jira/browse/JCLOUDS-958?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ignasi Barrera resolved JCLOUDS-958.
------------------------------------
    Resolution: Fixed

> HttpResponseException prints username and password involved in request
> ----------------------------------------------------------------------
>
>                 Key: JCLOUDS-958
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-958
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-core
>    Affects Versions: 1.9.0
>         Environment: Any. Attempting to communicate to a openstack keystone server on
Ubuntu with wrong credentials
>            Reporter: Arvind Nadendla
>              Labels: logging, security
>             Fix For: 2.0.0, 1.9.1
>
>
> When trying to communicate with a server with an invalid credentials, I will get an error
that contains the username and password used in the request.
> This is an important security issue as the username and password are revealed in plain
text. There might be other places where sensitive information is exposed. 
> OUTPUT
> ================================================
> Caused by: org.jclouds.http.HttpResponseException: request: POST https://x.x.x.x:5000/v2.0/tokens
HTTP/1.1  [{"auth":{"passwordCredentials":{"username":"admin","password":"admin"},"tenantName":"demo"}}]
failed with response: HTTP/1.1 401 Unauthorized
> 	at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message