Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-7910

Encrypted system property is written in clear text in etc/system.properties

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • fuse-7.3
    • jboss-fuse-6.3
    • Fabric8 v1
    • None
    • % %
    • Fuse 7.3 Sprint 40 - Dev #1

    Description

      Parent issue: https://issues.jboss.org/browse/ENTESB-7459.

      The command used to encrypt the password is
      fabric:encrypt-message changeit

      which will output something like
      Encrypting message changeit
      Using algorithm PBEWithMD5AndDES and password admin
      Result: 34tPFod1/zoPA3Aqm80zi/SkUNhHJIZE

      If we put this in fabric profile in the following format

      system.javax.net.ssl.trustStore=c:/keystores/test.jks
system.javax.net.ssl.trustStorePassword=${crypt:34tPFod1/zoPA3Aqm80zi/SkUNhHJIZE}
system.javax.net.ssl.keyStore=c:/keystores/test.jks
system.javax.net.ssl.keyStorePassword=${crypt:34tPFod1/zoPA3Aqm80zi/SkUNhHJIZE}

      After adding the profile to the Fabric container, the etc/system.properties file contains:

      javax.net.ssl.trustStore = c:/keystores/test.jks
javax.net.ssl.trustStorePassword = changeit
javax.net.ssl.keyStore = c:/keystores/test.jks
javax.net.ssl.keyStorePassword = changeit
javax.net.ssl.keyStorePassword.encrypted = crypt:34tPFod1/zoPA3Aqm80zi/SkUNhHJIZE
javax.net.ssl.trustStorePassword.encrypted = crypt:34tPFod1/zoPA3Aqm80zi/SkUNhHJIZE

      We can see the decrypted password appearing in the system.properties file if it is already encrypted, in clear text.
      The /etc/system.properties file should not display any password in clear text.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-7459 System property encrypted password in profile is logged as decrypted clear text by fabric agent

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Done

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ENTESB-9132 Use Elytron Credential Store in custom PersistenceManager with new felix.configadmin 1.9.0

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              ggrzybek Grzegorz Grzybek
              rhn-support-vgohel Viral Gohel
              Vratislav Hais Vratislav Hais (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: