You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@jclouds.apache.org by "Arvind Nadendla (JIRA)" <ji...@apache.org> on 2015/07/10 08:18:04 UTC

[jira] [Created] (JCLOUDS-958) HttpResponseException prints username and password involved in request

Arvind Nadendla created JCLOUDS-958:
---------------------------------------

             Summary: HttpResponseException prints username and password involved in request
                 Key: JCLOUDS-958
                 URL: https://issues.apache.org/jira/browse/JCLOUDS-958
             Project: jclouds
          Issue Type: Bug
          Components: jclouds-core
    Affects Versions: 1.9.0
         Environment: Any. Attempting to communicate to a openstack keystone server on Ubuntu with wrong credentials
            Reporter: Arvind Nadendla


When trying to communicate with a server with an invalid credentials, I will get an error that contains the username and password used in the request.

This is an important security issue as the username and password are revealed in plain text. There might be other places where sensitive information is exposed. 

OUTPUT
================================================
Caused by: org.jclouds.http.HttpResponseException: request: POST https://x.x.x.x:5000/v2.0/tokens HTTP/1.1  [{"auth":{"passwordCredentials":{"username":"admin","password":"admin"},"tenantName":"demo"}}] failed with response: HTTP/1.1 401 Unauthorized
	at org.jclouds.openstack.nova.v2_0.handlers.NovaErrorHandler.handleError(NovaErrorHandler.java:78)




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)