You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Arvind Nadendla (JIRA)" <ji...@apache.org> on 2015/07/10 08:18:04 UTC
[jira] [Created] (JCLOUDS-958) HttpResponseException prints
username and password involved in request
Arvind Nadendla created JCLOUDS-958:
---------------------------------------
Summary: HttpResponseException prints username and password involved in request
Key: JCLOUDS-958
URL: https://issues.apache.org/jira/browse/JCLOUDS-958
Project: jclouds
Issue Type: Bug
Components: jclouds-core
Affects Versions: 1.9.0
Environment: Any. Attempting to communicate to a openstack keystone server on Ubuntu with wrong credentials
Reporter: Arvind Nadendla
When trying to communicate with a server with an invalid credentials, I will get an error that contains the username and password used in the request.
This is an important security issue as the username and password are revealed in plain text. There might be other places where sensitive information is exposed.
OUTPUT
================================================
Caused by: org.jclouds.http.HttpResponseException: request: POST https://x.x.x.x:5000/v2.0/tokens HTTP/1.1 [{"auth":{"passwordCredentials":{"username":"admin","password":"admin"},"tenantName":"demo"}}] failed with response: HTTP/1.1 401 Unauthorized
at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)