  1. Couchbase Server
  2. MB-14144

GoXDCR: Rest passwords leaked in goxdcr.log


Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 4.0.0
    • 4.0.0
    • XDCR
    • Security Level: Public
    • centOS 6.x

    Description

      Build


      4.0.0-1673

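      debug.log logs the REST password in plain text when a remote cluster reference is updated.
      goxdcr.log logs the REST password in plain text in its Utils and AdminPort entries, including inside the client URL (http://user:password@host).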

      [root@centos-64-x64 logs]# grep "mypassword" .

      debug.log:[ns_server:debug,2015-03-26T10:43:08.113,ns_1@127.0.0.1:<0.391.0>:menelaus_metakv:handle_mutate:119]Updated /remoteCluster/81306990a84780c324814ac80c462b19 to hold

      {"id":"remoteCluster/81306990a84780c324814ac80c462b19","uuid":"81306990a84780c324814ac80c462b19","name":".188","hostName":"10.3.4.188:8091","userName":"Administrator","password":"mypassword","demandEncryption":false,"certificate":"","Revision":null}

      debug.log: <<"

      {\"id\":\"remoteCluster/81306990a84780c324814ac80c462b19\",\"uuid\":\"81306990a84780c324814ac80c462b19\",\"name\":\".188\",\"hostName\":\"10.3.4.188:8091\",\"userName\":\"Administrator\",\"password\":\"mypassword\",\"demandEncryption\":false,\"certificate\":\"\",\"Revision\":null}

      ">>]
      debug.log: <<"

      {\"id\":\"remoteCluster/81306990a84780c324814ac80c462b19\",\"uuid\":\"81306990a84780c324814ac80c462b19\",\"name\":\"dest\",\"hostName\":\"10.3.4.188:8091\",\"userName\":\"Administrator\",\"password\":\"mypassword\",\"demandEncryption\":false,\"certificate\":\"\",\"Revision\":null}

      ">>]
      debug.log:[ns_server:debug,2015-03-26T10:44:36.049,ns_1@127.0.0.1:<0.723.0>:menelaus_metakv:handle_mutate:119]Updated /remoteCluster/81306990a84780c324814ac80c462b19 to hold

      {"id":"remoteCluster/81306990a84780c324814ac80c462b19","uuid":"81306990a84780c324814ac80c462b19","name":"dest","hostName":"10.3.4.188:8091","userName":"Administrator","password":"mypassword","demandEncryption":false,"certificate":"","Revision":null}

      debug.log:[ns_server:debug,2015-03-26T10:45:33.196,ns_1@127.0.0.1:<0.1612.0>:menelaus_metakv:handle_mutate:119]Updated /remoteCluster/8f0d8fb950c1dc9207dbe5f7a51b1e8d to hold

      {"id":"remoteCluster/8f0d8fb950c1dc9207dbe5f7a51b1e8d","uuid":"8f0d8fb950c1dc9207dbe5f7a51b1e8d","name":"dest","hostName":"10.3.4.187:8091","userName":"Administrator","password":"mypassword","demandEncryption":false,"certificate":"","Revision":null}

      debug.log: <<"

      {\"id\":\"remoteCluster/8f0d8fb950c1dc9207dbe5f7a51b1e8d\",\"uuid\":\"8f0d8fb950c1dc9207dbe5f7a51b1e8d\",\"name\":\"dest\",\"hostName\":\"10.3.4.187:8091\",\"userName\":\"Administrator\",\"password\":\"mypassword\",\"demandEncryption\":false,\"certificate\":\"\",\"Revision\":null}

      ">>]
      debug.log: <<"

      {\"id\":\"remoteCluster/81306990a84780c324814ac80c462b19\",\"uuid\":\"81306990a84780c324814ac80c462b19\",\"name\":\"dest\",\"hostName\":\"10.3.4.188:8091\",\"userName\":\"Administrator\",\"password\":\"mypassword\",\"demandEncryption\":false,\"certificate\":\"\",\"Revision\":null}

      ">>]
      debug.log:[ns_server:debug,2015-03-26T10:46:18.228,ns_1@127.0.0.1:<0.2111.0>:menelaus_metakv:handle_mutate:119]Updated /remoteCluster/81306990a84780c324814ac80c462b19 to hold

      {"id":"remoteCluster/81306990a84780c324814ac80c462b19","uuid":"81306990a84780c324814ac80c462b19","name":"dest","hostName":"10.3.4.188:8091","userName":"Administrator","password":"mypassword","demandEncryption":false,"certificate":"","Revision":null}

      goxdcr.log:AdminPort2015/03/26 10:43:08.105349 [INFO] Request params: justValidate=false, remoterClusterRef=

      {remoteCluster/660d8498ac289ad2268d6304e1605f89 660d8498ac289ad2268d6304e1605f89 .188 10.3.4.188:8091 Administrator mypassword false [] <nil>}

      goxdcr.log:Utils2015/03/26 10:43:08.116383 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091

      {Administrator mypassword} {map[crypto:3.2 ssl:5.3.3 public_key:0.21 kernel:2.16.4 inets:5.9.8 ns_server:4.0.0-1673-rel-enterprise sasl:2.3.4 stdlib:1.19.4 lhttpc:1.3.0 os_mon:2.2.14 asn1:2.0.4 ale:4.0.0-1673-rel-enterprise] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [{default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}]}}
      goxdcr.log:Utils2015/03/26 10:44:07.912206 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091 {Administrator mypassword}

      {map[crypto:3.2 os_mon:2.2.14 public_key:0.21 asn1:2.0.4 kernel:2.16.4 ale:4.0.0-1673-rel-enterprise ns_server:4.0.0-1673-rel-enterprise lhttpc:1.3.0 inets:5.9.8 ssl:5.3.3 sasl:2.3.4 stdlib:1.19.4] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [

      {default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}]}}
      goxdcr.log:Utils2015/03/26 10:44:07.952062 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091 {Administrator mypassword} {map[stdlib:1.19.4 os_mon:2.2.14 asn1:2.0.4 inets:5.9.8 ns_server:4.0.0-1673-rel-enterprise crypto:3.2 sasl:2.3.4 lhttpc:1.3.0 public_key:0.21 kernel:2.16.4 ale:4.0.0-1673-rel-enterprise ssl:5.3.3] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [{default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}

      ]}}
      goxdcr.log:Utils2015/03/26 10:44:08.083510 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091

      {Administrator mypassword} {map[os_mon:2.2.14 asn1:2.0.4 kernel:2.16.4 ale:4.0.0-1673-rel-enterprise ns_server:4.0.0-1673-rel-enterprise stdlib:1.19.4 lhttpc:1.3.0 public_key:0.21 inets:5.9.8 crypto:3.2 ssl:5.3.3 sasl:2.3.4] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [{default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}]}}
      goxdcr.log:Utils2015/03/26 10:44:08.188890 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091 {Administrator mypassword}

      {map[os_mon:2.2.14 kernel:2.16.4 ale:4.0.0-1673-rel-enterprise inets:5.9.8 crypto:3.2 sasl:2.3.4 lhttpc:1.3.0 asn1:2.0.4 ns_server:4.0.0-1673-rel-enterprise ssl:5.3.3 stdlib:1.19.4 public_key:0.21] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [

      {default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}]}}
      goxdcr.log:Utils2015/03/26 10:44:08.254058 [INFO] client={http://Administrator:mypassword@10.3.4.188:8091 {Administrator mypassword} {map[public_key:0.21 inets:5.9.8 ns_server:4.0.0-1673-rel-enterprise crypto:3.2 stdlib:1.19.4 os_mon:2.2.14 asn1:2.0.4 kernel:2.16.4 ale:4.0.0-1673-rel-enterprise ssl:5.3.3 sasl:2.3.4 lhttpc:1.3.0] 4.0.0-1673-rel-enterprise true 81306990a84780c324814ac80c462b19 [{default /poolsStreaming/default?uuid=81306990a84780c324814ac80c462b19 /pools/default?uuid=81306990a84780c324814ac80c462b19}

      ]}}


            People

              apiravi Aruna Piravi (Inactive)
              apiravi Aruna Piravi (Inactive)
