[Bug 60178] New: password is logged in clear text

bugzilla Tue, 27 Sep 2016 00:18:29 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=60178


            Bug ID: 60178
           Summary: password is logged in clear text
           Product: Tomcat 7
           Version: 7.0.69
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
          Assignee: [email protected]
          Reporter: [email protected]

Hi, 

there is a trace entry that is logging the password in clear text. This should
not be done. If the user is DonaldDuck and the password is ILoveDa1sy the entry
looks like this with our custom formatter:
2016-06-01
14:57:28,329#DEBUG#org.apache.tomcat.util.http.Parameters#http-bio-443-exec-11#
         #Start processing with input
[j_username=DonaldDuck&j_password=ILoveDa1sy]|

Could you please fix this? Thanks!

Best regards,
Markus

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60178] New: password is logged in clear text

Reply via email to