Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.4
Affects Version/s: 2.4.3
Component/s: Security
Labels:
None

Operating System:
ALL
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Example log line:

Thu Apr 25 16:35:30.246 [conn1]  authenticate db: test { authenticate: 1, nonce: "ce88504553b16752", user: "z", key: "6deb79af26ebcdd2b2c40438008cb7b0" }

The log entry has more than enough information for any malicious entity to impersonate a user. And even worse, the log will also display an error if authentication fails, so it is easy to tell which users are valid just by examining the logs.

Assignee:: Andy Schwerin
Reporter:: Randolph Tan
Participants:: Andy Schwerin, Githook User, Randolph Tan
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Apr 25 2013 08:38:31 PM UTC
Updated:: Jul 11 2016 05:38:19 PM UTC
Resolved:: Nov 14 2013 12:06:29 AM UTC

Details

Description

Attachments

Forms

Activity

People

Dates