  1. PicketBox
  2. SECURITY-877

AdvancedLdapLoginModule is Logging LDAP Bind Credential Password during authentication.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: Negotiation_2_3_6_Final
    • Fix Version/s: Negotiation_2_3_7_Final
    • Component/s: Negotiation
    • Labels:
      None
    • Environment:

      Wildfly is logging the bindCredentials when using SPNEGO

      Description

      The bind credentials are being logged:

      2015-03-19 19:33:28,569 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-localhost/127.0.0.1:8080-1) Logging into LDAP server, env={baseFilter=(userPrincipalName={0}), java.naming.security.credentials=***, jboss.security.security_domain=SPNEGO, java.naming.ldap.attributes.binary=objectSid, password-stacking=useFirstPass, recurseRoles=false, java.naming.security.authentication=simple, baseCtxDN=DC=example,DC=com, roleAttributeIsDN=true, rolesCtxDN=DC=example,DC=com, java.naming.security.principal=bindUser, allowEmptyPassword=true, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://127.0.0.1:389, roleNameAttributeID=cn, roleAttributeID=memberOf, bindDN=bindUser, bindCredential=password}
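The trace line masks `java.naming.security.credentials` but prints `bindCredential` in clear text. The following is an added example, not PicketBox or JBoss Negotiation source and not the fix shipped for this issue: one way to build a log-safe copy of the environment before tracing it. The class name `LdapEnvLogMasking` and the method `maskForLogging` are hypothetical, and the sample values are constructed from the option names in the log line.

```java
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeMap;

// Added illustration; class and method names are hypothetical.
public class LdapEnvLogMasking {

    // Explicit list of keys whose values must never reach a log. Matching on the
    // substring "password" instead would also hide the harmless options
    // password-stacking and allowEmptyPassword seen in the trace line.
    private static final Set<String> SENSITIVE_KEYS =
            Set.of("java.naming.security.credentials", "bindCredential");

    // Returns a sorted copy that is safe to log. The live environment is left
    // untouched because the LDAP bind still needs the real values.
    static Map<String, Object> maskForLogging(Map<?, ?> env) {
        Map<String, Object> safe = new TreeMap<>();
        for (Map.Entry<?, ?> e : env.entrySet()) {
            String key = String.valueOf(e.getKey());
            safe.put(key, SENSITIVE_KEYS.contains(key) ? "***" : e.getValue());
        }
        return safe;
    }

    public static void main(String[] args) {
        // Constructed sample environment using option names from the trace line.
        Properties env = new Properties();
        env.setProperty("java.naming.provider.url", "ldap://127.0.0.1:389");
        env.setProperty("java.naming.security.principal", "bindUser");
        env.setProperty("java.naming.security.credentials", "password");
        env.setProperty("password-stacking", "useFirstPass");
        env.setProperty("allowEmptyPassword", "true");
        env.setProperty("bindDN", "bindUser");
        env.setProperty("bindCredential", "password");

        Map<String, Object> safe = maskForLogging(env);
        System.out.println("Logging into LDAP server, env=" + safe);

        // Both secrets are masked in the copy, non-secret options stay readable,
        // and the original map still holds the real bind password.
        if (!"***".equals(safe.get("bindCredential"))
                || !"***".equals(safe.get("java.naming.security.credentials"))
                || !"useFirstPass".equals(safe.get("password-stacking"))
                || !"password".equals(env.getProperty("bindCredential"))) {
            throw new AssertionError("masking failed or mutated the live env");
        }
    }
}
```

`Set.of` requires Java 9 or later; on older runtimes build the set with `new HashSet<>(Arrays.asList(...))`.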

              People

              • Assignee:
                filippe.spolti Filippe Spolti
                Reporter:
                filippe.spolti Filippe Spolti