Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-11230

sslPEMKeyPassword is exposed through task manager on Windows

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Works as Designed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
    • Environment:
      Running on Windows 2008 Server R2,
      Mongodb version (git hash): 1ea7e56cb2b8653d4b0453f04728033df34be9e1 (from 10/15)
    • Operating System:
      Windows
    • Steps To Reproduce:
      Hide

      1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword.

      mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db

      2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked.
      3. You can see the password exposed, as in the screenshot.

      Show
      1. Launch a mongod with a sslPEMKeyFile that requires a password. Provide the password through sslPEMKeyPassword. mongod --sslMode sslOnly --sslPEMKeyFile libs/client_password.pem --sslCAFile libs/ca_377.pem --sslPEMKeyPassword "asdf" --dbpath data/db 2. Open the Task Manager. Show the command line by going to View --> Select Columns... and making sure "Command Line" is checked. 3. You can see the password exposed, as in the screenshot.

      Description

      The argument to sslPEMKeyPassword can be revealed through the task manager on Windows. See the screenshot.

        Attachments

        1. ca_377.pem
          1.0 kB
        2. client_password.pem
          4 kB
        3. Screen Shot 2013-10-16 at 5.01.43 PM.png
          Screen Shot 2013-10-16 at 5.01.43 PM.png
          633 kB

          Activity

            People

            Assignee:
            andreas.nilsson Andreas Nilsson
            Reporter:
            luke.lovett Luke Lovett
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: