Skip to content

[POTENTIAL SECURITY ISSUE] Password saved in the logs unencrypted #47

New issue
New issue
Open
Open
[POTENTIAL SECURITY ISSUE] Password saved in the logs unencrypted#47
@AlexandreSajus

Description

@AlexandreSajus
AlexandreSajus
opened on Apr 22, 2021

I created an Azure VM with a password similar to "&WORD". The VM didn't work so I checked the logs of the VM and I found: "/bin/sh: 1: WORD: not found". Because of the symbol "&", the console thought my password was a command and saved it in the logs UNENCRYPTED.
This could be a really important security issue, please look into it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions