#2973 closed defect (fixed)
DEBUG=auth writes password to logs in cleartext
| Reported by: | goekce | Owned by: | goekce |
|---|---|---|---|
| Priority: | minor | Milestone: | 4.1 |
| Component: | server | Version: | trunk |
| Keywords: | Cc: |
Description (last modified by )
Steps:
1) activate DEBUG=auth in /etc/default/xpra
2) start proxy sudo systemctl start xpra
3) login using connect.html
4) journalctl -u xpra you will see your password in cleartext
Is this a feature or a bug?
---
Note: To clear all your logs (and not only the archived ones):
1) sudo journalctl --rotate -u xpra # archives all the logs
2) sudo journalctl --vacuum-time=1s -u xpra
Change History (5)
comment:1 Changed 19 months ago by
| Description: | modified (diff) |
|---|
comment:2 Changed 19 months ago by
| Owner: | changed from Antoine Martin to goekce |
|---|
comment:3 Changed 19 months ago by
authenticator[0]=PAM, requires-challenge=True, challenge-sent=True
combined salt(...)
authenticate_check(************, '...') xor('...')=b'...cleartextpassword...'
comment:4 Changed 19 months ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:5 Changed 17 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2973
Note: See
TracTickets for help on using
tickets.
copyleft 2010 - 2021
What is the exact log message containing the password?