Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Untriaged
-
0
-
Unknown
-
KV 2023-2
Description
The log message for invalid password tries to add the username assigned to the connection, but the username will only be updated upon successful authentication.
LOG_WARNING(
|
"{}: Invalid password specified for [{}]. Mechanism:[{}], "
|
"UUID:[{}]",
|
connection.getId(),
|
cb::UserDataView(connection.getUser().name),
|
mechanism,
|
cookie.getEventId());
|
should be
LOG_WARNING(
|
"{}: Invalid password specified for [{}]. Mechanism:[{}], "
|
"UUID:[{}]",
|
connection.getId(),
|
cb::UserDataView(serverContext.getUser().name),
|
mechanism,
|
cookie.getEventId());
|
Note that it is only the log entry which is incorrect. The generated audit event contains the correct user.