Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.4.12
Affects Version/s: 7.4.1
Component/s: Security, System Administration - Audit Logs
Labels:

Fixed in Long Term Support Release/s:

Download 7.4
Support reference count:
1
Symptom Severity:
Severity 2 - Major
UIS:
0

Problem

In Confluence, when an external LDAP directory is created/modified, Audit logs store the LDAP connection password as plain text.

Environment

7.4.x
.

Steps to Reproduce

1. In Confluence, create or modify a directory as Microsoft Active Directory, Crowd, Jira etc
2. After creation, synchronize the users.
3. Check the Audit logs for the Directory changes and expand.
4. Along with LDAP attribute details, we can also see that the password for external LDAP is displayed in plain text.

Expected Results

Passwords should be sanitised before being logged in audit log.

Actual Results

We are able to see the LDAP password displayed in plain text.

Workaround

Notes

is resolved by: CONFDEVSRV-222 Loading...

links to

Original (master branch) ticket on AsecJ > VULN

mentioned in: Page Loading...; Page Loading...; Page Loading...

Assignee:: Unassigned
Reporter:: Sathya Ganeshan
Votes:: 1 Vote for this issue
Watchers:: 8 Start watching this issue

Due:: 20/Mar/2022
Created:: 29/Jul/2021 9:23 AM
Updated:: 01/Jun/2022 2:34 AM
Resolved:: 18/Oct/2021 4:02 AM

Details

Description

Problem

Environment

Steps to Reproduce

Expected Results

Actual Results

Workaround

Notes

Attachments

Issue Links

Activity

People

Dates