[CXF-6824] Logs output User Password In Plain Text at INFO level - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: 2.7.16
Fix Version/s: None
Component/s: logging
Labels:
None
Environment:

Windows server, Java 8 and Apache CXF 2.7.16.

Estimated Complexity:
Moderate

Description

In a http soap webservice call, the user password was output in plain text in the log at INFO level. This leads to security concerns of the application building on top it. User password is very sensitive information, it should not be at the INFO log level.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Qi Lu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Mar/16 15:40

Updated:: 08/Mar/16 16:12

Resolved:: 08/Mar/16 16:12