Donal Evans created GEODE-9805:
----------------------------------
Summary: Debug logging of Radish AUTH command in
ExecutionHandlerContext.executeCommand() reveals sensitive information
Key: GEODE-9805
URL: https://issues.apache.org/jira/browse/GEODE-9805
Project: Geode
Issue Type: Bug
Components: redis
Affects Versions: 1.15.0
Reporter: Donal Evans
With debug logging enabled, the ExecutionHandlerContext.executeCommand() method
logs every command executed along with its arguments. In the case of the AUTH
command, this results in un-redacted userId and/or password being logged, which
represents a serious security issue.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
