Password appears in a plain text for search-credentials of ldap configuration in the server log .
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.4.9
Issue
- While debugging an application that had a long running startup class that caused the server to fail to start with
TimeOut errorbut I noticed that it logged theldap-connection passwordinplain textin the server log .
Resolution
- This issue got fixed in
JBoss EAP 6.4.16, please refer bug - Content from issues.jboss.org is not included.Content from issues.jboss.org is not included.https://issues.jboss.org/browse/JBEAP-10404
Diagnostic Steps
- The issue intermittently occurs , and we could not reproduced the issue on our setup. You need cheating with debugger so that you observe the issue steadily.
- add the following line in JBOSS_HOME/bin/domain.conf
HOST_CONTROLLER_JAVA_OPTS="$HOST_CONTROLLER_JAVA_OPTS -agentlib:jdwp=transport=dt_socket,address=8787,server=y,suspend=y"
- copy the attached host.xml to JBOSS_HOME/domain/configuration/
- start EAP
# $JBOSS_HOME/bin/domain.sh
- attach debugger to the host controller
#jdb -attach localhost:8787
- set a breakpoint in org.jboss.as.controller.OperationContextImpl.waitForRemovals()
- start the host controller
main[1] run
- put a dummy key/value to realRemovingContollers hashmap, continue, and quit debugger
Controller Boot Thread[1] print this.realRemovingControllers.put("hoge", "fuga")
Controller Boot Thread[1] cont
> ^D
- wait for 6 minutes, then you will see the LDAP credential "HIDDEN_SECRET" in the log messages several times
[Host Controller] 15:48:44,177 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014781: Step handler org.jboss.as.controller.AbstractAddStepHandler$1@63256b59 for operation {"operation" => "add","address" => [("host" => "master"),("core-service" => "management"),("ldap-connection" => "ldap-connection")],"url" => "ldaps://no_such_ldap_server.com:636","search-dn" => "dummy_dn","search-credential" => "HIDDEN_SECRET","referrals" => "IGNORE","security-realm" => undefined,"initial-context-factory" => undefined,"handles-referrals-for" => undefined} at address [
[Host Controller] ("host" => "master"),
[Host Controller] ("core-service" => "management"),
[Host Controller] ("ldap-connection" => "ldap-connection")
[Host Controller] ] failed handling operation rollback -- java.util.concurrent.TimeoutException: java.util.concurrent.TimeoutException
[Host Controller] at org.jboss.as.controller.OperationContextImpl.waitForRemovals(OperationContextImpl.java:275) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext$Step.handleResult(AbstractOperationContext.java:1169) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext$Step.finalizeInternal(AbstractOperationContext.java:1122) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext$Step.finalizeStep(AbstractOperationContext.java:1097) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext$Step.access$300(AbstractOperationContext.java:1042) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.handleContainerStabilityFailure(AbstractOperationContext.java:855) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:532) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:338) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:314) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1144) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:393) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:301) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:420) [jboss-as-host-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:263) [jboss-as-controller-7.5.11.Final-redhat-1.jar:7.5.11.Final-redhat-1]
[Host Controller] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
Components
Category
Tags
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.