This repository has been archived by the owner on Jan 1, 2020. It is now read-only.

Visible password at sensu-client logs after restart #1804

Closed
pdebashis opened this issue Jan 20, 2018 · 6 comments · Fixed by #1810
@pdebashis

When configuring a single rabbitmq, sensu is able to redact the password in client logs after restart.
But when configuring multiple rabbitmqs, the plain-text password is visible.

Logs for single rabbitmq config:

{
   "timestamp":"2016-04-08T16:41:35.699673-0700",
   "level":"warn",
   "message":"config file applied changes",
   "file":"/etc/sensu/conf.d/rabbitmq.json",
   "changes":{
      "rabbitmq":[
         null,
         {
            "host":"1.1.1.1",
            "port":"5671",
            "user":"sensu",
            "password":"REDACTED"
         }
      ]
   }
}

Logs for multiple rabbitmq config:

{
   "timestamp":"2016-04-08T16:41:35.699673-0700",
   "level":"warn",
   "message":"config file applied changes",
   "file":"/etc/sensu/conf.d/rabbitmq.json",
   "changes":{
      "rabbitmq":[
         null,
         [
            {
               "host":"1.1.1.1",
               "port":"5671",
               "user":"sensu",
               "password":"abc123"
            },
            {
               "host":"1.1.1.2",
               "port":"5671",
               "user":"sensu",
               "password":"abc123"
            }
         ]
      ]
   }
}

This issue seems to occur because the multiple rabbitmq config is stored in a nested array format. Sensu is not able to look up the password keyword inside the hash inside the array and hence is not able to redact the password in logs.
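As an added illustration of the root cause described in this report (example code written for this page, not code from sensu or sensu-settings), a redaction walk that only descends into hashes beside one that also descends into arrays, run against settings shaped like the two configurations above. The sensitive-key list, the function names, and the assumption that the loaded settings are redacted before the "changes" entry is logged are all assumptions of the example.

```ruby
# Added example, not code from sensu or sensu-settings. The sensitive key
# list is an assumption for the example, not Sensu's own list.
SENSITIVE = %w[password passwd secret key token].freeze

def sensitive_key?(key)
  SENSITIVE.any? { |s| key.to_s.downcase.include?(s) }
end

# Shallow walk: descends into hashes only. When "rabbitmq" holds an array of
# broker hashes (the multi-broker form), that array is returned untouched.
def redact_shallow(obj)
  return obj unless obj.is_a?(Hash)
  obj.each_with_object({}) do |(k, v), out|
    out[k] = sensitive_key?(k) ? 'REDACTED' : redact_shallow(v)
  end
end

# Deep walk: also recurses through arrays, so every broker hash is inspected.
def redact_deep(obj)
  case obj
  when Hash
    obj.each_with_object({}) do |(k, v), out|
      out[k] = sensitive_key?(k) ? 'REDACTED' : redact_deep(v)
    end
  when Array then obj.map { |v| redact_deep(v) }
  else obj
  end
end

# Model of the "changes" entry in the log: [previous value, new value].
def change_entry(previous, settings, key = 'rabbitmq')
  [previous && previous[key], settings[key]]
end

# True if the literal secret still appears anywhere in the structure.
def leaks?(obj, secret)
  case obj
  when Hash then obj.values.any? { |v| leaks?(v, secret) }
  when Array then obj.any? { |v| leaks?(v, secret) }
  else obj == secret
  end
end

# Constructed settings shaped like the two configurations in the issue.
BROKER_A = { 'host' => '1.1.1.1', 'port' => '5671', 'user' => 'sensu', 'password' => 'abc123' }.freeze
BROKER_B = { 'host' => '1.1.1.2', 'port' => '5671', 'user' => 'sensu', 'password' => 'abc123' }.freeze
SINGLE = { 'rabbitmq' => BROKER_A }.freeze
MULTI  = { 'rabbitmq' => [BROKER_A, BROKER_B] }.freeze
```

Calling `leaks?(change_entry(nil, redact_shallow(MULTI)), 'abc123')` returns true while the same call with `redact_deep` returns false; for `SINGLE` both walks redact the password.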

@paramite

paramite commented Feb 5, 2018

This is a sensu-settings issue. We need to apply redact_sensitive on this line: https://github.com/sensu/sensu-settings/blob/master/lib/sensu/settings/loader.rb#L169

@pdebashis pdebashis reopened this Feb 6, 2018
@pdebashis
Author

Thank you for the reply.

As per the analysis, the redact_sensitive method is taken care of during printing. Please note that the issue occurs only for the multiple rabbitmq configuration.

I would like to request a CVE to be assigned for the issue.

@amdprophet
Member

Thank you for reporting this issue. A fix has been merged to master and we are working on releasing Sensu 1.2.1 which will contain the fix.

@majormoses
Contributor

@amdprophet thanks for the quick turnaround. I think it's valid that we should provide a CVE for it. Who is the most appropriate person to register with MITRE?

@cwjohnston
Contributor

@majormoses @pdebashis we have filed for a CVE, currently waiting for one to be assigned.

@cwjohnston
Contributor

@majormoses @pdebashis we've been issued CVE-2018-1000060 to cover this vulnerability.
