Chef 12 Logging Passwords (chef-server, CLOSED)

chef commented on May 28, 2024
Chef 12 Logging Passwords

from chef-server.

Comments (6)

sdelano commented on May 28, 2024

@sean-horn thanks for the report. The /authenticate_user endpoint in Chef 11 (from the opscode-account service) had 2 levels of password log filtering:

  1. Filtered from the general merb request logging
  2. Explicitly filtered from the stacktrace and exception reporting

This report shows that in Erlang, because of the specific function call that is failing, the password is showing up in the logged exception.

I'd like to:

  1. Understand what is unique about this install / request that is causing login to fail. There is unexpected input here that is causing the Erlang process to crash
  2. Add functionality that hopefully prevents us from logging this information in the future
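
The two levels of filtering described in the comment above, sketched in Ruby as an added example (not part of the original thread and not code from Chef or opscode-account). `SENSITIVE_KEYS`, `redact_params`, `scrub_exception` and the sample request are hypothetical and constructed for illustration.

```ruby
# Added example; all names here are hypothetical, not Chef's API.
SENSITIVE_KEYS = %w[password bind_password].freeze
MASK = '[FILTERED]'

# Level 1: build a copy of the request params that is safe to hand to the
# request logger. Secret values seen along the way are collected in `secrets`.
def redact_params(value, secrets = [])
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      if SENSITIVE_KEYS.include?(k.to_s.downcase)
        secrets << v if v.is_a?(String) && !v.empty?
        out[k] = MASK
      else
        out[k] = redact_params(v, secrets)
      end
    end
  when Array then value.map { |v| redact_params(v, secrets) }
  else value
  end
end

# Level 2: scrub the collected secret values out of an exception's message and
# backtrace, because a failing call can carry its arguments into the error text.
def scrub_exception(err, secrets)
  scrub = lambda do |text|
    secrets.reduce(text.to_s) { |t, s| t.gsub(s, MASK) } # literal match, not regex
  end
  { class: err.class.name,
    message: scrub.call(err.message),
    backtrace: (err.backtrace || []).map(&scrub) }
end

# Constructed login request for /authenticate_user (sample data, not real).
def demo
  params = { 'username' => 'alice', 'password' => 'S3cr3t!pw',
             'meta' => [{ 'Password' => 'S3cr3t!pw' }] }
  secrets = []
  safe = redact_params(params, secrets)
  begin
    # Simulated crash whose message embeds the call arguments.
    raise ArgumentError, "bad match in authenticate(#{params.inspect})"
  rescue => e
    report = scrub_exception(e, secrets.uniq)
  end
  [safe, report]
end
```

Value-based scrubbing only catches the secret in the exact form it arrived in; an escaped or re-encoded copy would pass through, so key-based redaction at the logger remains the primary control.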

jeffgus commented on May 28, 2024

@sdelano I don't know that my configuration is unique. I have chef-server-core rpm package installed on RHEL6.6.

I also configured chef to use LDAP authentication:

ldap['base_dn']='cn=users,cn=accounts,dc=compute,dc=internal'
ldap['host']='idm.us-west-2.compute.internal'
ldap['tls_enabled']=true
ldap['login_attribute']='uid'
ldap['bind_dn']='uid=chef-server,cn=sysaccounts,cn=etc,dc=compute,dc=internal'
ldap['bind_password']='xxxxxx'
nginx['ssl_certificate']='/etc/pki/tls/certs/chef-server.crt'
nginx['ssl_certificate_key']='/etc/pki/tls/certs/chef-server.key'

That's all the custom stuff I have. I run chef-manage on the same box as the chef-server-core-12 package.

I also have this strange issue that may be related to this. For some reason the first user in the system fails to login with the first login screen. It then presents:

Welcome! It looks like this is the first time you have logged into Chef using your AD/LDAP login. You may now link your account to proceed.
Link an Existing Chef Account
The user [myusername] is in use (probably by you).

This, of course, is not the first time I have logged in. It is the user that I used to initialize the first organization in the system via chef-manage. Then I type my password for the second time. This is when my password is logged to the log file.

It then presents:
500
Smell something burning?
Sorry we have a small fire in the kitchen.
An unexpected error has occurred. Our staff are manning the fire extinguishers and have been alerted.

I click on the chef manage logo and I am now logged in and everything functions normally.

The second user I create doesn't have this issue. I have destroyed and recreated the chef server multiple times, but this always happens.

I install by booting up a clean RHEL6.6 image.
I install the chef-server-core rpm.
I edit /etc/chef-server.rb file and add my LDAP config.
Then I do:

# chef-server-ctl reconfigure
# chef-server-ctl install opscode-manage
# opscode-manage-ctl reconfigure
# chef-server-ctl reconfigure

I then try to login to chef manage. I create my new organization and everything looks good. I logout and I now have the account link issue each time I login.

stevendanna commented on May 28, 2024

I believed the code path that led to this error was fixed with #119. That fix should ship in the next Chef Server release.

sdelano commented on May 28, 2024

A way to do this would be to keep the cleartext password around for the minimal amount of time possible and convert to the bcrypt version as soon as possible and pass that around through the request.

kodi19 commented on May 28, 2024

Executed the chef-server-ctl cleanup command to resolve this issue as part of the post installation.

stevendanna commented on May 28, 2024

I believe this bug was fixed in 12.9.0+ (commit a5b9716). It may be the case that other paths also log passwords. If you see any such cases, please open a bug with an example so we can track it down.
