Password in plaintext in management and access logs

##### ISSUE TYPE

 * Bug Report


##### COMPONENT NAME

~~~
Logs
~~~

##### CLOUDSTACK VERSION


~~~
4.19.1.0, 4.18.1.0
~~~

##### CONFIGURATION



##### OS / ENVIRONMENT



##### SUMMARY


Password and sensitive information are shown in plaintext in the management and access logs on the management server.

##### STEPS TO REPRODUCE



~~~
Looking in log files.
~~~



##### EXPECTED RESULTS


~~~
No sensitive passwords or secrets in logs
~~~

##### ACTUAL RESULTS



~~~
/var/log/cloudstack/management/access.log:1077542308:10.30.0.61 - - [09/Aug/2024:16:42:01 +0000] "GET /client/api?account=joe-again-1286&apiKey=<apikey>&command=addVpnUser&domainid=c91a0528-377b-48aa-9c7b-2c7ead68200d&password=TOPSECRETPASSWORD&response=json&username=seantest2&signature=Ek%2BC7EGsrmNi0ONFL%2BxJBJxSGe0%3D HTTP/1.1" 200 115 "-" "GuzzleHttp/7" 86

/var/log/cloudstack/management/management-server.log:122775505:{u'vpn_users': [{u'add': True, u'password': u'TOPSECRETPASSWORD', u'user': u'seantest2'}], u'type': u'vpnuserlist', u'delete_from_processed_cache': False}


~~~

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Password in plaintext in management and access logs #9512

ISSUE TYPE

COMPONENT NAME

CLOUDSTACK VERSION

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Password in plaintext in management and access logs #9512

Description

ISSUE TYPE

COMPONENT NAME

CLOUDSTACK VERSION

CONFIGURATION

OS / ENVIRONMENT

SUMMARY

STEPS TO REPRODUCE

EXPECTED RESULTS

ACTUAL RESULTS

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions