[#MDEV-24032] Password's are getting logged in the db log when installing openstack.

[MDEV-24032] Password's are getting logged in the db log when installing openstack. Created: 2020-10-27 Updated: 2020-10-27 Resolved: 2020-10-27
Status:	Closed
Project:	MariaDB Server
Component/s:	Authentication and Privilege System
Affects Version/s:	10.3.17
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Kumar Biplab Singh

Assignee:

Unassigned

Resolution:

Duplicate

Votes:

Labels:

security

Environment:

OS . RHEL 8.2 x86_64

Issue Links:

Duplicate
duplicates	MDEV-9042	CREATE USER passwords being written t...	Open
Relates
relates to	MDEV-10584	Obscure plain text passwords from ser...	In Review

Description

Password's are getting logged while installing openstack in the event of creating users of the openstack component.

We have enabled following parameters in the '/etc/my.cnf.d/server.cnf' file
'plugin_load_add', 'sql_errlog'
'sql_error_log_rotate', '1'
'slow_query_log', '1'
'long_query_time' 10

Here is the db log after the installation of openstack where the passwords are getting printed

Version: '10.3.17-MariaDB-log' socket: '/var/lib/mysql/mysql.sock' port: 50110 MariaDB Server
2020-10-21 10:16:45 root[root] @ localhost [] ERROR 1396: Operation CREATE USER failed for 'novadb'@'localhost' : CREATE USER 'novadb'@'localhost' IDENTIFIED BY 'l9OxJ46JNixySVWDiV58'
2020-10-21 10:16:45 root[root] @ localhost [] ERROR 1396: Operation CREATE USER failed for 'novadb'@'127.0.0.1' : CREATE USER 'novadb'@'127.0.0.1' IDENTIFIED BY 'l9OxJ46JNixySVWDiV58'
2020-10-21 10:16:45 root[root] @ localhost [] ERROR 1396: Operation CREATE USER failed for 'novadb'@'::1' : CREATE USER 'novadb'@'::1' IDENTIFIED BY 'l9OxJ46JNixySVWDiV58'

Generated at Thu Feb 08 09:26:55 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-24032] Password's are getting logged in the db log when installing openstack. Created: 2020-10-27 Updated: 2020-10-27 Resolved: 2020-10-27