Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-5904

couchbase logs/diags/collectinfos should not contain user/password credentials

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.2.0
    • Fix Version/s: 2.2.0
    • Component/s: ns_server
    • Security Level: Public
    • Labels:
    • Sprint:
      12/Aug - 30/Aug

      Description

      customers attached logs to bugs, that is not safe for them and it's a bad practice

      example:

      "port_listen=11211,default_bucket_name=default,downstream_max=1024,downstream_conn_max=4,connect_max_errors=5,connect_retry_interval=30000,connect_timeout=400,auth_timeout=100,cycle=200,downstream_conn_queue_timeout=200,downstream_timeout=5000,wait_queue_timeout=200",
      "-z",
      "url=http://127.0.0.1:8091/pools/default/saslBucketsStreaming",
      "-p","0","-Y","y","-O","stderr",[]],
      [{env,
      [

      {"EVENT_NOSELECT","1"}

      ,

      {"MOXI_SASL_PLAIN_USR","Administrator"}

      ,

      {"MOXI_SASL_PLAIN_PWD","PASSWORD_HERE"}

      ]},
      use_stdio,exit_status,port_server_send_eol,
      stderr_to_stdout,stream]}},
      {mfargs,
      {supervisor_cushion,start_link,
      [moxi,5000,ns_port_server,start_link,
      [moxi,"/opt/couchbase/bin/moxi",
      ["-Z",

      I guess password in logs should be changed on ****.

        Issue Links

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

          andreibaranouski Andrei Baranouski created issue -
          peter peter made changes -
          Field Original Value New Value
          Fix Version/s 2.0 [ 10114 ]
          Fix Version/s 2.0-beta [ 10113 ]
          Sprint Status Current Sprint
          Hide
          deepkaran.salooja Deepkaran Salooja added a comment -

          Found one more instance of this where ebucketmigrator_srv is logging the password for the bucket:

          [rebalance:info,2012-09-03T2:31:52.152,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:init:522]Starting tap stream:
          [{vbuckets,"

          {"},
          {checkpoints,[{123,2}]},
          {name,<<"rebalance_123">>},
          {takeover,true}]
          {{"10.3.2.57",11209},
          {"10.3.3.98",11209},
          [{username,"saslbucket"},
          {password,"saslpass"},
          {vbuckets,"{"}

          ,

          {takeover,true}

          ,

          {suffix,"123"}

          ]}
          [rebalance:info,2012-09-03T2:31:52.154,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:process_upstream:899]TAP stream is not doing backfill
          [rebalance:info,2012-09-03T2:31:52.156,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:terminate:618]Skipping close ack for successfull takover

          Show
          deepkaran.salooja Deepkaran Salooja added a comment - Found one more instance of this where ebucketmigrator_srv is logging the password for the bucket: [rebalance:info,2012-09-03T2:31:52.152,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:init:522] Starting tap stream: [{vbuckets," {"}, {checkpoints, [{123,2}] }, {name,<<"rebalance_123">>}, {takeover,true}] {{"10.3.2.57",11209}, {"10.3.3.98",11209}, [{username,"saslbucket"}, {password,"saslpass"}, {vbuckets,"{"} , {takeover,true} , {suffix,"123"} ]} [rebalance:info,2012-09-03T2:31:52.154,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:process_upstream:899] TAP stream is not doing backfill [rebalance:info,2012-09-03T2:31:52.156,ns_1@10.3.2.57:<0.11240.1>:ebucketmigrator_srv:terminate:618] Skipping close ack for successfull takover
          Hide
          andreibaranouski Andrei Baranouski added a comment -

          from XDCR part when add ONGOING REPLICATION:

          [xdcr:debug,2012-09-10T15:35:28.644,ns_1@10.3.3.92:<0.5499.17>:xdc_vbucket_rep_worker:find_missing:121]after conflict resolution at target ("http://Administrator:password@10.3.3.91:8092/sasl%2f406%3baec84e00df5ed24143c1b74216cd3b20/"), out of all 11 docs the number of docs we need to replicate is: 11
          [couchdb:info,2012-09-10T15:35:28.644,ns_1@10.3.3.92:<0.6093.17>:couch_log:info:39]Native initial compact succeeded for "standart/699"
          [xdcr:debug,2012-09-10T15:35:28.645,ns_1@10.3.3.92:<0.5764.17>:xdc_vbucket_rep_worker:local_process_batch:56]worker process flushing a batch docs of total size 3225 bytes
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29]create queue_fetch_loop process (pid: <0.6121.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17>
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6121.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36]fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/")
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29]create queue_fetch_loop process (pid: <0.6122.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17>
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6122.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36]fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/")
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29]create queue_fetch_loop process (pid: <0.6123.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17>
          [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6123.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36]fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/")
          [xdcr:debug,2012-09-10T15:35:28.647,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29]create queue_fetch_loop process (pid: <0.6125.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17>
          [xdcr:debug,2012-09-10T15:35:28.647,ns_1@10.3.3.92:<0.6125.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36]fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/")

          Show
          andreibaranouski Andrei Baranouski added a comment - from XDCR part when add ONGOING REPLICATION: [xdcr:debug,2012-09-10T15:35:28.644,ns_1@10.3.3.92:<0.5499.17>:xdc_vbucket_rep_worker:find_missing:121] after conflict resolution at target ("http://Administrator:password@10.3.3.91:8092/sasl%2f406%3baec84e00df5ed24143c1b74216cd3b20/"), out of all 11 docs the number of docs we need to replicate is: 11 [couchdb:info,2012-09-10T15:35:28.644,ns_1@10.3.3.92:<0.6093.17>:couch_log:info:39] Native initial compact succeeded for "standart/699" [xdcr:debug,2012-09-10T15:35:28.645,ns_1@10.3.3.92:<0.5764.17>:xdc_vbucket_rep_worker:local_process_batch:56] worker process flushing a batch docs of total size 3225 bytes [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29] create queue_fetch_loop process (pid: <0.6121.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17> [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6121.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36] fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/") [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29] create queue_fetch_loop process (pid: <0.6122.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17> [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6122.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36] fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/") [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29] create queue_fetch_loop process (pid: <0.6123.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17> [xdcr:debug,2012-09-10T15:35:28.646,ns_1@10.3.3.92:<0.6123.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36] fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/") [xdcr:debug,2012-09-10T15:35:28.647,ns_1@10.3.3.92:<0.4905.17>:xdc_vbucket_rep_worker:start_link:29] create queue_fetch_loop process (pid: <0.6125.17>) within replicator (pid: <0.4905.17>) Source: <<"sasl/212">>, Target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/", ChangesManager: <0.6112.17> [xdcr:debug,2012-09-10T15:35:28.647,ns_1@10.3.3.92:<0.6125.17>:xdc_vbucket_rep_worker:queue_fetch_loop:36] fetch changes from changes manager at <0.6112.17> (target: "http://Administrator:password@10.3.3.91:8092/sasl%2f212%3baec84e00df5ed24143c1b74216cd3b20/")
          farshid Farshid Ghods (Inactive) made changes -
          Fix Version/s .next [ 10342 ]
          Fix Version/s 2.0 [ 10114 ]
          Hide
          ketaki Ketaki Gangal added a comment -

          Still seeing this on logs.

          buckets ->
          [{configs,[[

          {map,[]}

          ,

          {fastForwardMap,[]}

          ,

          {uuid,<<"428787680cb62f26c43038c6f0dca918">>}

          ,

          {num_replicas,1}

          ,

          {replica_index,false}

          ,

          {ram_quota,5019533312}

          ,

          {auth_type,sasl}

          ,

          {sasl_password,"saslbucket"}

          ,

          {autocompaction,false}

          ,

          {flush_enabled,false}

          ,

          {type,membase}

          ,

          {num_vbuckets,1024}

          ,

          {servers,[]}

          ]]}]
          [ns_server:debug,2012-10-29T13:0

          Show
          ketaki Ketaki Gangal added a comment - Still seeing this on logs. buckets -> [{configs,[[ {map,[]} , {fastForwardMap,[]} , {uuid,<<"428787680cb62f26c43038c6f0dca918">>} , {num_replicas,1} , {replica_index,false} , {ram_quota,5019533312} , {auth_type,sasl} , {sasl_password,"saslbucket"} , {autocompaction,false} , {flush_enabled,false} , {type,membase} , {num_vbuckets,1024} , {servers,[]} ]]}] [ns_server:debug,2012-10-29T13:0
          Hide
          farshid Farshid Ghods (Inactive) added a comment -

          there are two different issues :

          REST Admin user/password
          bucket user/password

          please modify the bug description to the relevant use case

          Show
          farshid Farshid Ghods (Inactive) added a comment - there are two different issues : REST Admin user/password bucket user/password please modify the bug description to the relevant use case
          Hide
          gvarisco Gianluca Varisco added a comment -

          Farshid,

          is there any progress on this? Would be possible to encrypt the plain-text password present in the config.dat file?

          Last, but not least, strip out password from logs would be very helpful, +1 on this.

          Any update?

          Show
          gvarisco Gianluca Varisco added a comment - Farshid, is there any progress on this? Would be possible to encrypt the plain-text password present in the config.dat file? Last, but not least, strip out password from logs would be very helpful, +1 on this. Any update?
          andreibaranouski Andrei Baranouski made changes -
          Affects Version/s 2.1.1 [ 10620 ]
          Affects Version/s 2.0-beta [ 10113 ]
          andreibaranouski Andrei Baranouski made changes -
          Affects Version/s 2.0 [ 10114 ]
          Hide
          alkondratenko Aleksey Kondratenko (Inactive) added a comment -

          No updates. We will consider this for 2.1.1 and for 2.1.2 but cannot promise anything. It's not just one component.

          Show
          alkondratenko Aleksey Kondratenko (Inactive) added a comment - No updates. We will consider this for 2.1.1 and for 2.1.2 but cannot promise anything. It's not just one component.
          dipti Dipti Borkar made changes -
          Fix Version/s 2.1.1 [ 10620 ]
          Fix Version/s .next [ 10342 ]
          dipti Dipti Borkar made changes -
          Priority Major [ 3 ] Critical [ 2 ]
          maria Maria McDuff (Inactive) made changes -
          Priority Critical [ 2 ] Blocker [ 1 ]
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Summary couchbase logs contain user/password credentials couchbase logs/diags/collectinfos contain user/password credentials
          Priority Blocker [ 1 ] Critical [ 2 ]
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Link This issue is duplicated by MB-8704 [ MB-8704 ]
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Issue Type Bug [ 1 ] Improvement [ 4 ]
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Summary couchbase logs/diags/collectinfos contain user/password credentials couchbase logs/diags/collectinfos should not contain user/password credentials
          Hide
          maria Maria McDuff (Inactive) added a comment -

          closed MB-8704 as duplicate of this bug.

          Show
          maria Maria McDuff (Inactive) added a comment - closed MB-8704 as duplicate of this bug.
          artem Artem Stemkovski made changes -
          Assignee Aleksey Kondratenko [ alkondratenko ] Artem Stemkovski [ artem ]
          artem Artem Stemkovski made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Labels ns_server-story
          Hide
          artem Artem Stemkovski added a comment -

          At present cbcollect_info the output contains clear text of password. This is a potential security hole for cluster. Here are some examples that contain the clear text password:

          (The password in the examples is couchbase)

          couchbase.log: {creds,[{"Administrator",[

          {password,"couchbase"}

          ]}]}]},
          diag.log:'curl', '-sS', '-u', 'Administrator:couchbase', 'http://127.0.0.1:8091/diag?noLogs=1&#39;
          diag.log: {creds,[{"Administrator",[

          {password,'filtered-out'}]}]}]},
          diag.log: {creds,[{"Administrator",[{password,'filtered-out'}

          ]}]}]},
          diag.log: {creds,[{"Administrator",[

          {password,'filtered-out'}]}]}]},
          diag.log: {creds,[{"Administrator",[{password,'filtered-out'}

          ]}]}]},

          The diag.log is trying to filter out the clear text password. But the password is still showing in the curl command.

          Show
          artem Artem Stemkovski added a comment - At present cbcollect_info the output contains clear text of password. This is a potential security hole for cluster. Here are some examples that contain the clear text password: (The password in the examples is couchbase) couchbase.log: {creds,[{"Administrator",[ {password,"couchbase"} ]}]}]}, diag.log: 'curl', '-sS', '-u', 'Administrator:couchbase', 'http://127.0.0.1:8091/diag?noLogs=1&#39; diag.log: {creds,[{"Administrator",[ {password,'filtered-out'}]}]}]}, diag.log: {creds,[{"Administrator",[{password,'filtered-out'} ]}]}]}, diag.log: {creds,[{"Administrator",[ {password,'filtered-out'}]}]}]}, diag.log: {creds,[{"Administrator",[{password,'filtered-out'} ]}]}]}, The diag.log is trying to filter out the clear text password. But the password is still showing in the curl command.
          maria Maria McDuff (Inactive) made changes -
          Priority Critical [ 2 ] Blocker [ 1 ]
          anil Anil Kumar made changes -
          Rank Ranked higher
          anil Anil Kumar made changes -
          Rank Ranked higher
          anil Anil Kumar made changes -
          Sprint Sprint 1 [ 37 ]
          Show
          artem Artem Stemkovski added a comment - I fixed all the password exposures that I could find. Still there's a possibility that the function that has password in one of the input values will crash and the passwords will be logged. related commits in 2.2.0: http://review.couchbase.org/28413 http://review.couchbase.org/28412 http://review.couchbase.org/28378 http://review.couchbase.org/28277 http://review.couchbase.org/28238 http://review.couchbase.org/28270 http://review.couchbase.org/28254 http://review.couchbase.org/28233 http://review.couchbase.org/28156 http://review.couchbase.org/28091 http://review.couchbase.org/28043 http://review.couchbase.org/28042
          Hide
          artem Artem Stemkovski added a comment -

          Notes for QA:

          The best way to test this will be:

          • use the same non trivial prefix for all the passwords you use during other features testing. For example:
            Admin Password: asdfgh
            Password for test bucket: asdfghtest
            and so on
          • collect all the logs from different test runs and grep for this prefix in those logs

          If you will find an occurrence of the password in the log file please do not reopen this bug. Log the separate one for that particular password occurrence.

          Show
          artem Artem Stemkovski added a comment - Notes for QA: The best way to test this will be: use the same non trivial prefix for all the passwords you use during other features testing. For example: Admin Password: asdfgh Password for test bucket: asdfghtest and so on collect all the logs from different test runs and grep for this prefix in those logs If you will find an occurrence of the password in the log file please do not reopen this bug. Log the separate one for that particular password occurrence.
          artem Artem Stemkovski made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          artem Artem Stemkovski made changes -
          Assignee Artem Stemkovski [ artem ] Maria McDuff [ maria ]
          maria Maria McDuff (Inactive) made changes -
          Assignee Maria McDuff [ maria ] Andrei Baranouski [ andreibaranouski ]
          Hide
          andreibaranouski Andrei Baranouski added a comment -

          have been verified before

          Show
          andreibaranouski Andrei Baranouski added a comment - have been verified before
          andreibaranouski Andrei Baranouski made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              andreibaranouski Andrei Baranouski
              Reporter:
              andreibaranouski Andrei Baranouski
            • Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Agile