Actions
Bug #13657
closed
Script rudder-support-info does not mask credentials
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
95
Name check:
Fix check:
Regression:
Description
Following things should be anonymized:
- rudder.auth.ldap.connection.bind.password in ./rudder/rudder-web.properties
Updated by 
Updated by
Updated by Benoît PECCATTE over 5 years ago
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 0 to 96
Updated by Nicolas CHARLES over 5 years ago
we should anonymise:
- syslog/rsyslog.d/rudder.conf : anonymise password in line that contains :ompgsql:ip,db, user,PGPW;RudderReportsFormat
- rudder/rudder-web.properties , PGPW and LDAPPW
- rudder/inventory-web.properties : LDAPPW
Idealy, if we could anonymize it in a way taht let us detect if values are the same, it would be great for debuuging
Updated by Nicolas CHARLES over 5 years ago
- Status changed from New to In progress
Updated by Nicolas CHARLES over 5 years ago
Updated by Nicolas CHARLES over 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/1857
Updated by Nicolas CHARLES over 5 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|db3c1a1c27081b45b70a1a604b7ea9dd733af314.
Updated by Vincent MEMBRÉ over 5 years ago
- Status changed from Pending release to Released
- Priority changed from 96 to 95
This bug has been fixed in Rudder 5.0.10 which was released today.
Actions