CVE-2017-15112 unsafe use of -p/--admin-password on command line
It is unsafe to pass a password as part of the command line args because it appears in the process info and is recorded in the shell command history. The -p/--keycloak-admin-password arg has been replaced with -P/--keycloak-admin-password-file, which reads the password from a file, or from stdin if given a hyphen. The now-deprecated --keycloak-admin-password also accepted stdin with a hyphen; this was retained for backward compatibility during a transition period, and it will issue a deprecation warning. Trying to use --keycloak-admin-password with anything other than a hyphen will result in an error and explanation. The man page was updated to include a section on password passing and includes documentation on using the KEYCLOAK_ADMIN_PASSWORD environment variable (which was always supported but never documented). The --admin-password command line arg in keycloak_cli.py was also updated in a similar manner and now also includes support for the KEYCLOAK_ADMIN_PASSWORD environment variable.
John Dennis committed Jan 9, 2018
1 parent bee4ab8, commit c3121b2
Showing 3 changed files with 117 additions and 12 deletions.
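The password-handling scheme described in the commit message (a file or stdin via `-P FILE` / `-P -`, the deprecated `-p` flag accepting only `-` with a warning, a literal password rejected with an explanation, and the KEYCLOAK_ADMIN_PASSWORD environment variable as a fallback) is shown below as an added example. It is not code from this commit or from keycloak_cli.py; the program name `example-cli`, the function names, the `PasswordArgError` exception and the precedence order between the sources are assumptions made for the illustration, and the secrets it uses are constructed values.

```python
import argparse
import io
import os
import sys
import tempfile

ENV_VAR = "KEYCLOAK_ADMIN_PASSWORD"


class PasswordArgError(ValueError):
    """Raised when the admin password was supplied in a way the CLI rejects (assumed name)."""


def read_password(source, stdin=None):
    """Return the first line of `source`, or of stdin when `source` is '-'.

    A trailing newline (as left by `echo` or an editor) is stripped so the
    password file can be written naturally.
    """
    if source == "-":
        stream = stdin if stdin is not None else sys.stdin
        line = stream.readline()
    else:
        with open(source, "r", encoding="utf-8") as fh:
            line = fh.readline()
    return line.rstrip("\r\n")


def build_parser():
    # Hypothetical parser mirroring the two options named in the commit message.
    parser = argparse.ArgumentParser(prog="example-cli")
    parser.add_argument("-P", "--keycloak-admin-password-file", dest="password_file",
                        metavar="FILE",
                        help="read the admin password from FILE, or from stdin if FILE is '-'")
    parser.add_argument("-p", "--keycloak-admin-password", dest="legacy_password",
                        metavar="-", help="deprecated: only '-' (read from stdin) is accepted")
    return parser


def resolve_admin_password(argv, env=None, stdin=None, warn=None):
    """Assumed precedence: legacy '-p -' > '-P FILE' > KEYCLOAK_ADMIN_PASSWORD env var."""
    env = os.environ if env is None else env
    warn = (lambda msg: print("warning: " + msg, file=sys.stderr)) if warn is None else warn
    args = build_parser().parse_args(argv)

    if args.legacy_password is not None:
        if args.legacy_password != "-":
            # A literal password on the command line is visible in process
            # listings and shell history, so reject it and point at the replacement.
            raise PasswordArgError(
                "--keycloak-admin-password no longer accepts a password value; "
                "use --keycloak-admin-password-file FILE (or '-' for stdin) "
                "or set " + ENV_VAR)
        warn("--keycloak-admin-password is deprecated, use --keycloak-admin-password-file -")
        return read_password("-", stdin)

    if args.password_file is not None:
        return read_password(args.password_file, stdin)

    if ENV_VAR in env:
        return env[ENV_VAR]

    raise PasswordArgError("no admin password supplied; use -P FILE, -P -, or " + ENV_VAR)


def demo():
    """Exercise each input path with constructed values and return the outcomes."""
    warnings = []
    results = {}
    # Constructed password file, created with owner-only permissions (not a real secret).
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "admin.pw")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("file-secret\n")
        os.chmod(path, 0o600)
        results["from_file"] = resolve_admin_password(["-P", path], env={})
    results["from_stdin"] = resolve_admin_password(
        ["--keycloak-admin-password-file", "-"], env={}, stdin=io.StringIO("stdin-secret\n"))
    results["legacy_stdin"] = resolve_admin_password(
        ["-p", "-"], env={}, stdin=io.StringIO("legacy-secret\n"), warn=warnings.append)
    results["from_env"] = resolve_admin_password([], env={ENV_VAR: "env-secret"})
    try:
        resolve_admin_password(["-p", "hunter2"], env={})
        results["literal_rejected"] = False
    except PasswordArgError:
        results["literal_rejected"] = True
    results["deprecation_warnings"] = len(warnings)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Piping the password in (`printf '%s\n' "$PW" | example-cli -P -`) keeps it out of the argument vector entirely; when a file is used, create it with mode 0600 as `demo()` does so other local users cannot read it.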