[SERVER-10869] Redact password data from logs for user management commands
Created: 24/Sep/13  Updated: 30/Oct/15  Resolved: 25/Nov/13

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: None
Fix Version/s: 2.5.5

Type: Bug
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Andy Schwerin
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-12049 Redact password data from profiler/sl... Closed
Operating System: ALL
Participants:

 Description   

If the createUser command is logged for any reason, it includes the password in plaintext.

runQuery called test.$cmd { createUser: "spencer", pwd: "password", roles: [ "readWrite" ], writeConcern: { w: "majority", wtimeout: 30000.0 } }
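
A log-scrubbing check for the leak described above, as an added example that is not part of the ticket or of MongoDB's code: it flags log lines in which a user-management command exposes pwd and masks the value. The updateUser entry, the "xxx" mask, the handling of escaped quotes and the second and third sample lines are assumptions of the example.

```python
import re

# User-management commands whose documents carry a "pwd" field.
# createUser is the command on this ticket; updateUser is included as an
# assumption because it accepts the same field.
USER_CMDS = ("createUser", "updateUser")

CMD_RE = re.compile(r'\b(?:%s)\s*:' % "|".join(USER_CMDS))
# pwd: "<value>", where the value may contain backslash-escaped quotes.
PWD_RE = re.compile(r'(\bpwd\s*:\s*)"(?:[^"\\]|\\.)*"')

REDACTED = '"xxx"'  # mask text chosen for this example


def redact_line(line):
    """Return (clean_line, leaked): mask pwd values in user-management commands."""
    if not CMD_RE.search(line):
        return line, False
    clean, count = PWD_RE.subn(lambda m: m.group(1) + REDACTED, line)
    return clean, count > 0


def scan(lines):
    """Return (redacted_lines, numbers_of_lines_that_exposed_a_password)."""
    out, hits = [], []
    for n, line in enumerate(lines, 1):
        clean, leaked = redact_line(line)
        out.append(clean)
        if leaked:
            hits.append(n)
    return out, hits


# Constructed sample: line 1 is the log line quoted in the description,
# lines 2 and 3 are made up for the example.
SAMPLE = [
    'runQuery called test.$cmd { createUser: "spencer", pwd: "password", roles: [ "readWrite" ], writeConcern: { w: "majority", wtimeout: 30000.0 } }',
    'runQuery called test.$cmd { updateUser: "spencer", pwd: "p\\"w, roles: x", roles: [ "read" ] }',
    'runQuery called test.things { pwd: "not a user command" }',
]

if __name__ == "__main__":
    redacted, leaked_on = scan(SAMPLE)
    print("lines exposing a password:", leaked_on)
    for line in redacted:
        print(line)
```

Any password that turns up in a scan like this has already been written to disk in clear text, so it should be rotated as well as masked.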



 Comments   
Comment by Andy Schwerin [ 25/Nov/13 ]

Docs should be updated to note that with --vv or --verbosity=2 or higher, password data (possibly clear-text) may appear in logs.

Comment by Githook User [ 25/Nov/13 ]

Author: Andy Schwerin (andy10gen) <schwerin@10gen.com>

Message: SERVER-10869 Do not log unredacted commands below debug log level 2.
Branch: master
https://github.com/mongodb/mongo/commit/03a3e1c7afef6e49f56e3bd5b058331646098147

Comment by Andy Schwerin [ 13/Nov/13 ]

We should change docs to reflect that when the debug verbosity is 2 or greater (--verbosity=2, -vv), passwords may end up in the debug logs, and then bump log levels or redact as appropriate.
