Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-54848

Memcached always logs "unknown" as the username for incorrect password

    XMLWordPrintable

Details

    • Untriaged
    • 0
    • Unknown
    • KV 2023-2

    Description

      The log message for invalid password tries to add the username assigned to the connection, but the username will only be updated upon successful authentication.

              LOG_WARNING(
      		 
                      "{}: Invalid password specified for [{}]. Mechanism:[{}], "
      		 
                      "UUID:[{}]",
      		 
                      connection.getId(),
      		 
                      cb::UserDataView(connection.getUser().name),
      		 
                      mechanism,
      		 
                      cookie.getEventId());

      should be

              LOG_WARNING(
      		 
                      "{}: Invalid password specified for [{}]. Mechanism:[{}], "
      		 
                      "UUID:[{}]",
      		 
                      connection.getId(),
      		 
                      cb::UserDataView(serverContext.getUser().name),
      		 
                      mechanism,
      		 
                      cookie.getEventId());

      Note that it is only the log entry which is incorrect. The generated audit event contains the correct user.

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            trond Trond Norbye
            trond Trond Norbye
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty