security: remove password after authenticating the user
fix https://nvd.nist.gov/vuln/detail/CVE-2021-28235

Signed-off-by: Benjamin Wang <wachao@vmware.com>
ahrtr committed Apr 6, 2023
1 parent 6429dd4 commit c79e7b7
Showing 1 changed file with 7 additions and 0 deletions.
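--- a/server/etcdserver/v3_server.go
+++ b/server/etcdserver/v3_server.go
@@ -445,6 +445,13 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest
 
 lg := s.Logger()
 
+// fix https://nvd.nist.gov/vuln/detail/CVE-2021-28235
+defer func() {
+if r != nil {
+r.Password = ""
+}
+}()
+
 var resp proto.Message
 for {
 checkedRevision, err := s.AuthStore().CheckPassword(r.Name, r.Password)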
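Review bot: The comment above the new `defer` only links the CVE; it does not say what the clearing protects against or that it mutates the caller's request, so a later refactor could drop or reorder it unnoticed. I would replace it with something like `// Clear the password on return so code that sees r after Authenticate (e.g. logging) cannot record it; this mutates the caller's request.` Which later code reads `r` is not visible in this hunk, so confirm that wording against the actual leak path. The `r != nil` guard is also inconsistent with the unguarded `r.Name`/`r.Password` dereference in the `CheckPassword` call below, and assigning `""` drops the reference but does not wipe the original string from memory. Authenticate's body starts and ends outside the hunk.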