asa_* modules putting provider password in cleartext #32343

Closed
jainnikhil30 opened this issue Oct 30, 2017 · 1 comment
Labels: affects_2.4, bug, networking, support:core

Comments

@jainnikhil30
Contributor

ISSUE TYPE
  • Bug Report
COMPONENT NAME

networking asa_* module

ANSIBLE VERSION
2.4.0
CONFIGURATION
OS / ENVIRONMENT
SUMMARY

asa_* modules put the provider password in clear text in /var/log/messages

STEPS TO REPRODUCE

1.) Use any asa_* module and check /var/log/messages after it has run. It puts the provider password in cleartext.

EXPECTED RESULTS
Oct 30 09:21:01 localhost ansible-asa_config: Invoked with authorize=None context=None replace=line port=None before=None auth_pass=NOT_LOGGING_PARAMETER parents=['tunnel-group 1.1.1.1 ipsec-attributes'] provider={'username': 'ec2-user', 'authorize': None, 'passwords': None, 'context': None, 'auth_pass': None, 'host': 'xx.xx.xx.xx', 'timeout': None, 'password': 'NOT_LOGGING_PARAMETER', 'port': None} save=False config=None match=line username=None passwords=None timeout=None after=None host=None password=NOT_LOGGING_PARAMETER src=None ssh_keyfile=None lines=['ikev1 pre-shared-key test']
ACTUAL RESULTS
Oct 30 09:21:01 localhost ansible-asa_config: Invoked with authorize=None context=None replace=line port=None before=None auth_pass=NOT_LOGGING_PARAMETER parents=['tunnel-group 1.1.1.1 ipsec-attributes'] provider={'username': 'ec2-user', 'authorize': None, 'passwords': None, 'context': None, 'auth_pass': None, 'host': 'xx.xx.xx.xx', 'timeout': None, 'password': 'test', 'port': None} save=False config=None match=line username=None passwords=None timeout=None after=None host=None password=NOT_LOGGING_PARAMETER src=None ssh_keyfile=None lines=['ikev1 pre-shared-key test']
@ansibot added the affects_2.4, bug_report, needs_triage and support:core labels Oct 30, 2017
@ganeshrn self-assigned this Oct 30, 2017
@ganeshrn added the networking label and removed the needs_triage label Oct 30, 2017
ganeshrn added a commit to ganeshrn/ansible that referenced this issue Oct 31, 2017
Fixes ansible#32343

* Move provider arg spec as part of suboptions
  to validate input args against provider spec.
* This handles `no_log` for password arg correctly.

Merged to devel PR ansible#28984

( cherry picked from commit 599fe23 )
ganeshrn added a commit that referenced this issue Nov 1, 2017
Fixes #32343

* Move provider arg spec as part of suboptions
  to validate input args against provider spec.
* This handles `no_log` for password arg correctly.

Merged to devel PR #28984

( cherry picked from commit 599fe23 )
@ganeshrn
Member

ganeshrn commented Nov 1, 2017

Fix will be available in 2.4.2beta2 release
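
The fix described in the commit message, as a simplified Python model (an added example, not Ansible's code or part of the original thread): a log redactor driven by per-option `no_log` flags cannot redact keys inside an opaque `provider` dict, while declaring those keys as suboptions lets it both redact and validate them. `redact`, `undeclared_keys`, the spec dictionaries and `SAMPLE` are hypothetical names constructed for illustration.

```python
# Simplified model of spec-driven log redaction; not Ansible's implementation.
REDACTED = "NOT_LOGGING_PARAMETER"  # marker string seen in the log lines above

# "Before": provider is an opaque dict, so its keys carry no no_log metadata.
FLAT_SPEC = {
    "password": {"no_log": True},
    "auth_pass": {"no_log": True},
    "provider": {"type": "dict"},
}

# "After": provider declares its keys as suboptions, each with its own flags.
PROVIDER_SPEC = {
    "host": {},
    "username": {},
    "password": {"no_log": True},
    "auth_pass": {"no_log": True},
}
NESTED_SPEC = dict(FLAT_SPEC, provider={"type": "dict", "options": PROVIDER_SPEC})

def redact(params, spec):
    """Return a copy of params that is safe to log according to spec."""
    safe = {}
    for name, value in params.items():
        rule = spec.get(name, {})
        if rule.get("no_log"):
            safe[name] = REDACTED
        elif isinstance(value, dict) and "options" in rule:
            safe[name] = redact(value, rule["options"])  # descend into suboptions
        else:
            safe[name] = value  # no metadata available: logged verbatim
    return safe

def undeclared_keys(params, spec):
    """List keys the spec does not declare, as dotted paths."""
    found = []
    for name, value in params.items():
        rule = spec.get(name)
        if rule is None:
            found.append(name)
        elif isinstance(value, dict) and "options" in rule:
            found += [f"{name}.{k}" for k in undeclared_keys(value, rule["options"])]
    return found

# Constructed sample mirroring the invocation reported in the issue.
SAMPLE = {
    "password": None,
    "provider": {"host": "xx.xx.xx.xx", "username": "ec2-user", "password": "test"},
}
```

With `FLAT_SPEC` the nested password is returned unchanged, matching the ACTUAL RESULTS line; with `NESTED_SPEC` it is replaced by the marker, matching EXPECTED RESULTS. A key that fails `undeclared_keys` would still be logged verbatim by `redact`, which is why validating input against the provider spec matters alongside the `no_log` flag.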
