Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Won't Fix
Priority: Minor - P4
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
- neweng

Operating System:
ALL
Steps To Reproduce:

Hide

openssl req -new -x509 -days 365 -nodes -out mongodb-cert.pem -passout pass:foo -keyout mongodb-cert.key

$ ps | grep mongo
21132 0.9 0.9 4461600 38468 s002 S+ 4:17PM 0:00.16 /Users/breinero/git/mongo/mongod --sslOnNormalPorts --sslPEMKeyFile /Users/breinero/qatest/mongo.pem --sslPEMKeyPassword xxx

Show
openssl req -new -x509 -days 365 -nodes -out mongodb-cert.pem -passout pass:foo -keyout mongodb-cert.key $ ps | grep mongo 21132 0.9 0.9 4461600 38468 s002 S+ 4:17PM 0:00.16 /Users/breinero/git/mongo/mongod --sslOnNormalPorts --sslPEMKeyFile /Users/breinero/qatest/mongo.pem --sslPEMKeyPassword xxx
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Mongod obfuscates the command line so that the ssl key password is overwritten with 'x's but the number of 'x's indicate the length of the password. A single 'x' would be preferable regardless of actual password length.

Assignee:: Unassigned
Reporter:: Bryan Reinero (Inactive)
Participants:: Andy Schwerin, Bryan Reinero
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Feb 22 2013 12:43:52 AM UTC
Updated:: Dec 10 2014 11:14:31 PM UTC
Resolved:: May 07 2013 08:57:37 PM UTC

Details

Description

Attachments

Activity

People

Dates