Server audit log contains master password / secure params in plaintext

Assignee

Kamil Kočí

Reporter

Lukáš Zach

Labels

Greenaudit-logloggingmaster-passwordpasswordsrelease-notessecure-graph-parameterssecurity

Sprint

None

Description

When user changed the master password, password is logged in plaintext into server-audit.log:

CloverDX Server 5.15.0.6.R.REL

full log file -

Not master password specific - check comment.

Steps to reproduce

None

Attachments

Linked issues

relates to

CLO-25724

Server audit log contains user console login password in plaintext

Activity

Kamil Kočí March 3, 2023 at 3:14 PM
Edited

New row in audit log

Fixed

Details
Story Points
1
Priority
Major
Fix versions
rel-6-0-0
rel-5-15-4
rel-5-16-2
rel-5-17-3
Branch
CLO-25724-server-audit-log-contains-passwords
QA Testing
UNDECIDED
Components
Environment
FTE/APTe - Linux britannicus

Created June 8, 2022 at 12:41 PM

Updated February 10, 2025 at 3:28 PM

Resolved March 6, 2023 at 11:38 AM

Configure

Server audit log contains master password / secure params in plaintext

Assignee

Reporter

Labels

Sprint

Description

Steps to reproduce

Attachments

Linked issues

relates to

Activity

Kamil Kočí March 3, 2023 at 3:14 PMEdited

DetailsStory Points1PriorityMajorFix versionsrel-6-0-0rel-5-15-4rel-5-16-2rel-5-17-3BranchCLO-25724-server-audit-log-contains-passwordsQA TestingUNDECIDEDComponentsEnvironmentFTE/APTe - Linux britannicus

Details

Story Points

Priority

Fix versions

Branch

QA Testing

Components

Environment

Kamil Kočí March 3, 2023 at 3:14 PM
Edited

Details
Story Points
1
Priority
Major
Fix versions
rel-6-0-0
rel-5-15-4
rel-5-16-2
rel-5-17-3
Branch
CLO-25724-server-audit-log-contains-passwords
QA Testing
UNDECIDED
Components
Environment
FTE/APTe - Linux britannicus