#2973 closed defect (fixed)
DEBUG=auth writes password to logs in cleartext
Reported by: | goekce | Owned by: | goekce |
---|---|---|---|
Priority: | minor | Milestone: | 4.1 |
Component: | server | Version: | trunk |
Keywords: | Cc: |
Description (last modified by )
Steps:
1) activate DEBUG=auth
in /etc/default/xpra
2) start proxy sudo systemctl start xpra
3) login using connect.html
4) journalctl -u xpra
you will see your password in cleartext
Is this a feature or a bug?
---
Note: To clear all your logs (and not only the archived ones):
1) sudo journalctl --rotate -u xpra
# archives all the logs
2) sudo journalctl --vacuum-time=1s -u xpra
Change History (5)
comment:1 Changed 4 months ago by
Description: | modified (diff) |
---|
comment:2 Changed 4 months ago by
Owner: | changed from Antoine Martin to goekce |
---|
comment:3 Changed 4 months ago by
authenticator[0]=PAM, requires-challenge=True, challenge-sent=True combined salt(...) authenticate_check(************, '...') xor('...')=b'...cleartextpassword...'
comment:4 Changed 4 months ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:5 Changed 3 months ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2973
Note: See
TracTickets for help on using
tickets.
What is the exact log message containing the password?