Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Names and Passwords exposed in Logs #362

Open
sgu07ght opened this issue Feb 22, 2023 · 1 comment · Fixed by sam2kb/sftp#3 or TaridaGeorge/sftp#2 · May be fixed by #367
Open

User Names and Passwords exposed in Logs #362

sgu07ght opened this issue Feb 22, 2023 · 1 comment · Fixed by sam2kb/sftp#3 or TaridaGeorge/sftp#2 · May be fixed by #367

Comments

@sgu07ght
Copy link

Problem:
During bootup while reading users.conf from a secret / configmaps whole line gets dumped into logs that includes the credentials.

Observation/Solution:
We may need to tweak the 'log' function inside the create-sftp-user.
Planning to submit a PR on this matter.

Proof, snap:

image
vkg23 added a commit to vkg23/sftp that referenced this issue Feb 22, 2023
@vkg23
Removed Logging of UserName,Passwords as Arguments atmoz#362
05c9ce8
@vkg23 vkg23 mentioned this issue Feb 22, 2023
Closed
@vkg23
Copy link

vkg23 commented Feb 23, 2023

PR submitted on this matter. #363

@jult jult mentioned this issue Feb 23, 2023
Open
kimdre added a commit to kimdre/sftp that referenced this issue Mar 14, 2023
@kimdre
Hide password in userdata parser
a30b27b 
Replace password in log output with asterisks
Fixes atmoz#362

## Results:
Before: `[bash] Parsing user data: "user:abc!123:3000:4000:/user/home"`
After: `[bash] Parsing user data: "user:******:3000:4000:/user/home"`
@kimdre kimdre linked a pull request Mar 14, 2023 that will close this issue
Open
@sam2kb sam2kb mentioned this issue May 24, 2023
Merged
@TaridaGeorge TaridaGeorge mentioned this issue Jan 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@vkg23 @sgu07ght