Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8283

(7.1.0) ActiveMQ logs cluster password in plain text

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR11
    • 7.1.0.DR10
    • ActiveMQ
    • None

      Artemis logs cluster-password in plain text in trace logs - search for "password=123456":

      standalone/log/server-trace.log:11:40:28,348 TRACE [org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl] (Thread-2 (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$3@7cb044f3-1867296341)) Sending blocking PACKET(CreateSessionMessage)[type=30, channelID=1, packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, defaultAddress=null, minLargeMessageSize=102400, name=3237df3a-dbd8-11e6-a43f-3ca9f4349bfc, password=123456, preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, xa=false]
standalone/log/server-trace.log:11:40:28,400 TRACE [org.apache.activemq.artemis.core.protocol.core.impl.RemotingConnectionImpl] (Thread-3 (activemq-netty-threads-1775061070)) handling packet PACKET(CreateSessionMessage)[type=30, channelID=1, packetObject=CreateSessionMessage, autoCommitAcks=true, autoCommitSends=true, defaultAddress=null, minLargeMessageSize=102400, name=323a9e03-dbd8-11e6-9a66-3ca9f4349bfc, password=123456, preAcknowledge=true, sessionChannelID=10, username=ACTIVEMQ.CLUSTER.ADMIN.USER, version=128, windowSize=1048576, xa=false]

      Password could be leaked in this way and should be replaced by "*****"

              mtaylor1@redhat.com Martyn Taylor (Inactive)
              mnovak1@redhat.com Miroslav Novak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: