Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007501opensim[GRID] Robust Serverpublic2015-03-14 20:072015-03-16 18:18
Reportersmxy 
Assigned Tojustincc 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Versionmaster (dev code) 
Target VersionFixed in Versionmaster (dev code) 
Summary0007501: BasicHttpAuthentication credentials exposed on console and in log.
DescriptionAs each service and simulator connects, the username and password are printed in clear text on the Robust and simulator consoles as well as in their log files. This information shouldn't be exposed.
Steps To ReproduceConfigure BasicHttpAuthentication; observe.
TagsNo tags attached.
Git Revision or version numberHEAD
Run Mode Grid (1 Region per Sim)
Physics EngineBulletSim
EnvironmentMono / Linux64
Mono VersionOther
ViewerN/A
Attached Files

- Relationships

-  Notes
(0027870)
justincc (administrator)
2015-03-16 16:52

I agree this is not good security-wise. Addressed by git master 5b31bb9.
(0027872)
smxy (reporter)
2015-03-16 18:18

The passwords aren't logged anymore. Thanks.

- Issue History
Date Modified Username Field Change
2015-03-14 20:07 smxy New Issue
2015-03-16 16:52 justincc Note Added: 0027870
2015-03-16 16:52 justincc Status new => resolved
2015-03-16 16:52 justincc Resolution open => fixed
2015-03-16 16:52 justincc Assigned To => justincc
2015-03-16 18:18 smxy Note Added: 0027872
2015-03-16 18:18 smxy Status resolved => closed
2015-03-16 18:18 smxy Fixed in Version => master (dev code)


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker