-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 14.1.1, 5.5.1, 6.0.0.5
-
Component/s: install
-
Labels:
-
Sprint:AM Sustaining Sprint 57, AM Sustaining Sprint 73
-
Story Points:2
-
Needs backport:No
-
Support Ticket IDs:
-
Verified Version/s:
-
Needs QA verification:Yes
-
Functional tests:No
-
Are the reproduction steps defined?:Yes and I used the same an in the description
Bug description
During installation, AM logs the "demo" user password (AMLDAPUSERPASSWD) in ~/openam/install.log in plaintext. It does this even when an external user store is configured.
How to reproduce the issue
- Install AM (with or without an external user store)
- Search ~/openam/install.log for AMLDAPUSERPASSWD
Expected behaviour
Using embedded user store, AMLDAPUSERPASSWD should not be logged in plaintext. When using an external user store, AMLDAPUSERPASSWD shouldn't be logged at all.
Current behaviour
AMLDAPUSERPASSWD is always logged and in plaintext
Work around
None