[LPS-47606] The mail portlet logs shows the password in 6.1 GA2 - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Duplicate
Affects Version/s: 6.1.1 CE GA2
Fix Version/s: 6.1.30 EE GA3, 6.2.0 CE GA1
Component/s: Mail, Security Vulnerability, ~ [Archived] Collaboration
Labels:
- ee-ts

Description

If you see the liferay logs I will be attaching after the ticket creation, at line number 3206 an error message is received saying:

ERROR [liferay/mail_synchronizer-7][ParallelDestination:117] Unable to process message {destinationName=liferay/mail_synchronizer, response=null, responseDestinationName=null, responseId=null, payload=null, values={principalPassword=[B@4e1dc9c4d106b29303767527fc11214f1b325fb6, messagesPerPage=0, principalName=10196, accountId=756540, userId=10196, command=synchronize, pageNumber=0, companyId=10154, messageId=0, password=p@ssw2rd, folderId=0}}

You can observer an entry as password=p@ssw2rd. The password here is not encrypted and is shown in plain text. Is this an intended behavior ?

As per my understanding the password should never be exposed in plain text format.

This issue relates LPP-11815.

Thanks,
Namit

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

liferay.2014-06-04 (1).log
591 kB
11/Jun/14 11:51 PM

Issue Links

duplicates

LPS-31443 Filtering passwords from Message values is not case in-sensitive

Closed

Activity

People

Assignee:: Tomáš Polešovský

Reporter:: Namit Srivastava

Participants of an Issue:: Namit Srivastava, Tomáš Polešovský

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Jun/14 11:49 PM

Updated:: 02/Dec/15 4:31 AM

Resolved:: 27/Jun/14 5:43 AM

Days since last comment:: 6 years, 37 weeks, 3 days ago

Packages

Version	Package
6.1.30 EE GA3
6.2.0 CE GA1