[JCLOUDS-958] HttpResponseException prints username and password involved in request - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.0
Fix Version/s: 1.9.1, 2.0.0
Component/s: jclouds-core
Labels:
- logging
- security
Environment:
Any. Attempting to communicate to a openstack keystone server on Ubuntu with wrong credentials

Description

When trying to communicate with a server with an invalid credentials, I will get an error that contains the username and password used in the request.

This is an important security issue as the username and password are revealed in plain text. There might be other places where sensitive information is exposed.

OUTPUT
================================================
Caused by: org.jclouds.http.HttpResponseException: request: POST https://x.x.x.x:5000/v2.0/tokens HTTP/1.1 [{"auth":{"passwordCredentials":

{"username":"admin","password":"admin"}

,"tenantName":"demo"}}] failed with response: HTTP/1.1 401 Unauthorized
at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Arvind Nadendla

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Jul/15 06:17

Updated:: 03/Aug/15 08:33

Resolved:: 03/Aug/15 08:33