Control: tag -1 unreproducible

On Wed, 10 Jun 2020 at 23:19:41 +0200, Marco Herrn wrote:
> When writing into a logfile, rainloop writes the passwords of all
> login attempts (successful or not) into the logfile in cleartext.

FWIW I'm not able to reproduce this with the version from Debian buster
(1.12.1-2).  Stock config, just replaced ‘enable = Off’ with ‘enable = On’
in /etc/rainloop/application.ini's ‘[logs]’ section.  (‘hide_passwords’
remains set as per default.)  I see my username in the log, but the
passphrase is replaced with (a fixed number of) asterisks in both
successful and failed sessions:

    INFO[DATA]: [DATE:27.05.23][OFFSET:-00][RL:1.12.1][PHP:7.3.31-1~deb10u3][IP:127.0.0.1][PID:976085][nginx/1.14.2][fpm-fcgi]
    INFO[DATA]: [Suhosin:off][APC:off][MB:off][PDO:~][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2]
    REQUEST[NOTE]: [POST] http://127.0.0.1/?/Ajax/&q[]=/0/
    AJAX[NOTE]: Action: DoLogin
    POST[DATA]: {"Email":"guil...@example.net","Login":"","Password":"*******","Language":"","AdditionalCode":"","AdditionalCodeSignMe":"0","SignMe":"0","Action":"Login","XToken":"[…]"}
    IMAP[NOTE]: Start connection to "ssl://imap.example.net:993"
    IMAP[NOTE]: Connected (success)
    IMAP[DATA]: < * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] howdy, ready.\r\n
    IMAP[DATA]: > TAG1 AUTHENTICATE PLAIN\r\n
    IMAP[DATA]: < + \r\n
    IMAP[SECURE]: > *******\r\n
    IMAP[DATA]: < TAG1 NO [AUTHENTICATIONFAILED] Authentication failed.\r\n
    IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: MailSo-Imap-Exceptions-NegativeResponseException (ImapClient.php ~ 1874) in /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php:1874
    Stack trace:
    #0 /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php(1951): MailSo\Imap\ImapClient->validateResponse(Array)
    #1 /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php(281): MailSo\Imap\ImapClient->parseResponseWithValidation()
    #2 /usr/share/rainloop/app/libraries/MailSo/Mail/MailClient.php(92): MailSo\Imap\ImapClient->Login('guilhem@example....', '*******', '', true, false)
    #3 /usr/share/rainloop/app/libraries/RainLoop/Model/Account.php(451): MailSo\Mail\MailClient->Login('guilhem@example....', '*******', '', true, false)
    #4 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2078): RainLoop\Model\Account->IncConnectAndLoginHelper(Object(RainLoop\Plugins\Manager), Object(MailSo\Mail\MailClient), Object(RainLoop\Config\Application))
    #5 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2329): RainLoop\Actions->CheckMailConnection(Object(RainLoop\Model\Account), true)
    #6 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2381): RainLoop\Actions->LoginProcess('guilhem@example....', '*******', '', '', false)
    #7 /usr/share/rainloop/app/libraries/RainLoop/ServiceActions.php(172): RainLoop\Actions->DoLogin()
    #8 /usr/share/rainloop/app/libraries/RainLoop/Service.php(146): RainLoop\ServiceActions->ServiceAjax('')
    #9 /usr/share/rainloop/app/libraries/RainLoop/Service.php(56): RainLoop\Service->localHandle()
    #10 /usr/share/rainloop/app/libraries/RainLoop/Service.php(79): RainLoop\Service->__construct()
    #11 /usr/share/rainloop/app/handle.php(94): RainLoop\Service::Handle()
    #12 /usr/share/rainloop/include.php(228): include('/usr/share/rain...')
    #13 /usr/share/rainloop/index.php(13): include('/usr/share/rain...')
    #14 {main}
    IMAP[NOTICE]: MailSo\Imap\Exceptions\NegativeResponseException: MailSo-Imap-Exceptions-NegativeResponseException (ImapClient.php ~ 1874) in /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php:1874
    Stack trace:
    #0 /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php(1951): MailSo\Imap\ImapClient->validateResponse(Array)
    #1 /usr/share/rainloop/app/libraries/MailSo/Imap/ImapClient.php(281): MailSo\Imap\ImapClient->parseResponseWithValidation()
    #2 /usr/share/rainloop/app/libraries/MailSo/Mail/MailClient.php(92): MailSo\Imap\ImapClient->Login('guilhem@example....', '*******', '', true, false)
    #3 /usr/share/rainloop/app/libraries/RainLoop/Model/Account.php(451): MailSo\Mail\MailClient->Login('guilhem@example....', '*******', '', true, false)
    #4 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2078): RainLoop\Model\Account->IncConnectAndLoginHelper(Object(RainLoop\Plugins\Manager), Object(MailSo\Mail\MailClient), Object(RainLoop\Config\Application))
    #5 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2329): RainLoop\Actions->CheckMailConnection(Object(RainLoop\Model\Account), true)
    #6 /usr/share/rainloop/app/libraries/RainLoop/Actions.php(2381): RainLoop\Actions->LoginProcess('guilhem@example....', '*******', '', '', false)
    #7 /usr/share/rainloop/app/libraries/RainLoop/ServiceActions.php(172): RainLoop\Actions->DoLogin()
    #8 /usr/share/rainloop/app/libraries/RainLoop/Service.php(146): RainLoop\ServiceActions->ServiceAjax('')
    #9 /usr/share/rainloop/app/libraries/RainLoop/Service.php(56): RainLoop\Service->localHandle()
    #10 /usr/share/rainloop/app/libraries/RainLoop/Service.php(79): RainLoop\Service->__construct()
    #11 /usr/share/rainloop/app/handle.php(94): RainLoop\Service::Handle()
    #12 /usr/share/rainloop/include.php(228): include('/usr/share/rain...')
    #13 /usr/share/rainloop/index.php(13): include('/usr/share/rain...')
    #14 {main}

    INFO[DATA]: [DATE:27.05.23][OFFSET:-00][RL:1.12.1][PHP:7.3.31-1~deb10u3][IP:127.0.0.1][PID:976084][nginx/1.14.2][fpm-fcgi]
    INFO[DATA]: [Suhosin:off][APC:off][MB:off][PDO:~][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2]
    REQUEST[NOTE]: [POST] http://127.0.0.1/?/Ajax/&q[]=/0/
    AJAX[NOTE]: Action: DoLogin
    POST[DATA]: {"Email":"guil...@example.net","Login":"","Password":"*******","Language":"","AdditionalCode":"","AdditionalCodeSignMe":"0","SignMe":"0","Action":"Login","XToken":"[…]"}
    IMAP[NOTE]: Start connection to "ssl://imap.example.net:993"
    IMAP[NOTE]: Connected (success)
    IMAP[DATA]: < * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] howdy, ready.\r\n
    IMAP[DATA]: > TAG1 AUTHENTICATE PLAIN\r\n
    IMAP[DATA]: < + \r\n
    IMAP[SECURE]: > *******\r\n
    IMAP[DATA]: < TAG1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE COMPRESS=DEFLATE QUOTA] Logged in\r\n
    AJAX[DATA]: {"Action":"Login","Result":true,"Time":2119}
    IMAP[DATA]: > TAG2 LOGOUT\r\n
    IMAP[DATA]: < * BYE Logging out\r\n
    IMAP[DATA]: < TAG2 OK Logout completed (0.001 + 0.000 secs).\r\n
    IMAP[NOTE]: Disconnected from "ssl://imap.example.net:993" (success)
    INFO[MEMORY]: Memory peak usage: 2MB
    INFO[TIME]: Time delta: 2.3106529712677

-- 
Guilhem.
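
Added example (not part of the original message and not RainLoop code): a small Python check that automates the inspection described above, flagging POST[DATA] and IMAP[SECURE] log lines whose secret is not a run of asterisks. The line formats are taken from the log quoted in the message; the function name and the sample input are constructed for illustration.

```python
import json
import re

MASK = re.compile(r"^\*+$")                      # masked secrets are only asterisks
POST_RE = re.compile(r"POST\[DATA\]: (\{.*\})")  # JSON body of the login request
# The log prints CR/LF as the literal four characters \r\n, so strip them.
SECURE_RE = re.compile(r"IMAP\[SECURE\]: [<>] (.*?)(?:\\r\\n)?$")


def find_unmasked(log_text):
    """Return (line_no, kind) for every log line carrying an unmasked secret."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = POST_RE.search(line)
        if m:
            try:
                fields = json.loads(m.group(1))
            except ValueError:
                # Truncated or malformed JSON cannot be verified automatically.
                findings.append((no, "unparseable POST data"))
                continue
            password = fields.get("Password", "")
            if password and not MASK.match(password):
                findings.append((no, "POST Password"))
            continue
        m = SECURE_RE.search(line)
        if m and not MASK.match(m.group(1)):
            findings.append((no, "IMAP SECURE payload"))
    return findings


# Constructed sample: lines 1-3 mimic the masked log above, lines 4-5 show
# what a log written without masking would look like.
SAMPLE = r"""POST[DATA]: {"Email":"user@example.net","Login":"","Password":"*******","Action":"Login"}
IMAP[DATA]: > TAG1 AUTHENTICATE PLAIN\r\n
IMAP[SECURE]: > *******\r\n
POST[DATA]: {"Email":"user@example.net","Login":"","Password":"constructed-secret","Action":"Login"}
IMAP[SECURE]: > constructed-payload\r\n"""

if __name__ == "__main__":
    for line_no, kind in find_unmasked(SAMPLE):
        print(f"line {line_no}: unmasked {kind}")
```
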