Uploaded image for project: 'RH-SSO'
  1. RH-SSO
  2. RHSSO-757

LDAPOperationManager can write a user's password to the log file

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • RH-SSO-7.1.0.CR1
    • None
    • None
    • None
    • Hide
      • enable TRACE level logging
      • configure an LDAP user federation provider
      • configure the LDAP user federation provider as "WRITABLE"
      • login as a regular user and update the password
      • look for the following log file entry:
        2017-01-17 08:44:03,144 TRACE [org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager] (default task-27) Op [2]: userpassword = imapassword
      Show
      enable TRACE level logging configure an LDAP user federation provider configure the LDAP user federation provider as "WRITABLE" login as a regular user and update the password look for the following log file entry: 2017-01-17 08:44:03,144 TRACE [org.keycloak.federation.ldap.idm.store.ldap.LDAPOperationManager] (default task-27) Op [2] : userpassword = imapassword

      If trace level logging is turned on and a user updates their password, the LDAPOperationManager will write the user's password to the log.

            pdrozd1@redhat.com Pavel Drozd
            rhn-support-dehort Derek Horton
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: