-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
-
None
When TRACE logging is set there is password logged into log.
14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Creating [class javax.naming.directory.InitialDirContext] with environment: 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.security.credentials] with value [[s, e, c, r, e, t]] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.ldap.factory.socket] with value [org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.security.authentication] with value [simple] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.provider.url] with value [ldaps://localhost.localdomain:15636 ldaps://localhost.localdomain:15637 ldaps://localhost.localdomain:15638] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [com.sun.jndi.ldap.read.timeout] with value [60000] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [com.sun.jndi.ldap.connect.pool] with value [false] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [com.sun.jndi.ldap.connect.timeout] with value [5000] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.security.principal] with value [uid=admin,ou=system] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.referral] with value [ignore] 14:41:28,701 DEBUG [org.wildfly.security] (default task-36) Property [java.naming.factory.initial] with value [com.sun.jndi.ldap.LdapCtxFactory]
There was similar PicketBox issue in past based on customer request[1]
- clones
-
JBEAP-13039 Mask password when logging LDAP connection environment
- Closed