[MDEV-35507] ed25519 authentication plugin create user statement trigger plain text password in audit log - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.6
Fix Version/s: 10.5.28, 10.6.21, 10.11.11, 11.4.5, 11.7.2
Component/s: Plugin - Audit
Labels:
None

Description

for version 10.6.19-15-MariaDB-enterprise while creating user using ed255191 authentication, plain text password writing to audit file.

Create user statement:
MariaDB [(none)]> create user ed255191@'%' IDENTIFIED VIA ed25519 USING PASSWORD('Bnfjusdjg@123');
Query OK, 0 rows affected (0.031 sec)

Audit log entry:
20241011 01:24:06,rocky1,root,localhost,4,25,QUERY,,'create user ed255191@\'%\' IDENTIFIED VIA ed25519 USING PASSWORD(\'Bnfjusdjg@123\')',0

Attachments

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Venkata Vigneswara Reddy Bandi

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2024-10-11 07:05

Updated:: 1 week ago 07:43

Resolved:: 2024-11-27 19:31

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.