Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11230

sslPEMKeyPassword is exposed through task manager on Windows

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: Security
    • Environment:
      Running on Windows 2008 Server R2,
      Mongodb version (git hash): 1ea7e56cb2b8653d4b0453f04728033df34be9e1 (from 10/15)
    • Windows
    • Hide

      1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword.

      mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db

      2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked.
      3. You can see the password exposed, as in the screenshot.

      Show
      1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword. mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db 2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked. 3. You can see the password exposed, as in the screenshot.
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      The argument to sslPEMKeyPassword can be revealed through the task manager on Windows. See the screenshot.

        1. ca_377.pem
          1.0 kB
        2. client_password.pem
          4 kB
        3. Screen Shot 2013-10-16 at 5.01.43 PM.png
          Screen Shot 2013-10-16 at 5.01.43 PM.png
          633 kB

            Assignee:
            andreas.nilsson Andreas Nilsson (Inactive)
            Reporter:
            luke.lovett Luke Lovett (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: