OpenAM / OPENAM-13890

Install.log logs AMLDAPUSERPASSWD for unprivileged demo user in plaintext

    Details

    • AM Sustaining Sprint 57, AM Sustaining Sprint 73

      Description

      Bug description

      During installation, AM logs the "demo" user password (AMLDAPUSERPASSWD) in ~/openam/install.log in plaintext. It does this even when an external user store is configured.

      How to reproduce the issue

      1. Install AM (with or without an external user store).
      2. Search ~/openam/install.log for AMLDAPUSERPASSWD.

      Expected behaviour

      When using an embedded user store, AMLDAPUSERPASSWD should not be logged in plaintext. When using an external user store, AMLDAPUSERPASSWD shouldn't be logged at all.

      Current behaviour

      AMLDAPUSERPASSWD is always logged, and in plaintext.

      Work around

      None
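
The search from the reproduction steps, as an added example that is not part of the original issue report or of OpenAM: a POSIX shell check that reports where AMLDAPUSERPASSWD appears in a log without printing the password, and can write a redacted copy. The function names, the sample lines and the assumption that the value follows the key on the same line are illustrative.

```sh
#!/bin/sh
# Added example: audit an install log for AMLDAPUSERPASSWD without echoing the value.
# Assumption: the secret follows the key name on the same line.
KEY="AMLDAPUSERPASSWD"

# Print "<line number>: <text before key><key> [REDACTED]" for every hit.
masked_hits() {
    awk -v key="$KEY" '
        { pos = index($0, key) }
        pos > 0 { printf "%d: %s%s [REDACTED]\n", NR, substr($0, 1, pos - 1), key }
    ' "$1"
}

# Number of lines that mention the key.
count_hits() {
    masked_hits "$1" | wc -l | tr -d ' '
}

# Write a copy of the log ($1) to $2 with the same masking; other lines pass through.
redact_copy() {
    awk -v key="$KEY" '
        { pos = index($0, key) }
        pos > 0 { print substr($0, 1, pos - 1) key " [REDACTED]"; next }
        { print }
    ' "$1" > "$2"
}

# Exit status 1 if the key appears, so the check can gate a post-install step.
audit_log() {
    if [ "$(count_hits "$1")" -eq 0 ]; then return 0; fi
    masked_hits "$1" >&2
    return 1
}

# Constructed sample input; the real installer's line format is not shown on the page.
write_sample() {
    cat > "$1" <<'EOF'
Installing configuration...
AMLDAPUSERPASSWD=Constructed-Pass1
Configuring user store
setting AMLDAPUSERPASSWD: Constructed-Pass1
Done.
EOF
}

sample=$(mktemp)
write_sample "$sample"
masked_hits "$sample"   # on a real host: audit_log ~/openam/install.log
rm -f "$sample"
```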

       

            People

            sachiko Sachiko Wallace
            aaron.haskins Aaron Haskins