Bug #9159

Password stored in plain text in debug.log

Added by Joseph Pizzi 4 months ago. Updated 4 months ago.

Status:Closed Start date:06/25/2021
Priority:Normal Due date:
Assignee:Kosta A. % Done:

100%

Category:-
Target version:-
Chirp Version:daily Platform:All
Model affected:(All models)

Description

I just attempted to download frequencies from RFinder. The attempt failed. In investigating, I discovered my password stored in plain text in the debug.log file.

Associated revisions

Revision 3529:5e0cd9dc53b6
Added by Kosta A. 4 months ago

Remove clear text logging of password from rfinder module. Fixes #9159

History

Updated by Rudolph Gutzerhagen 4 months ago

Hey Joe,

do the log entries look like they were created by this code in rfinder.py ?

def fetch_data(self, user, pw, coords, radius):
"""Fetches the data for a set of parameters"""
LOG.debug(user)
LOG.debug(pw)

Updated by Joseph Pizzi 4 months ago

Most definitely. In fact (should have included this), the entries are:

[date/time] chirp.drivers.rfinder - DEBUG: <username>
[date/time] chirp.drivers.rfinder - DEBUG: <password>

Updated by Kosta A. 4 months ago

  • Status changed from New to Resolved
  • Assignee set to Kosta A.
  • % Done changed from 0 to 100
  • Platform changed from Windows to All

Commit pending to mail list to remove clear text logging of password.

Updated by Rudolph Gutzerhagen 4 months ago

in the mod I was preparing, I would have left some trace of information in the log:


+ LOG.debug("user id: {userid}".format(userid=user))
+ LOG.debug("password: a password of lenght {pwlen} was used"
+ .format(pwlen=len(pw)))

Updated by Kosta A. 4 months ago

  • Status changed from Resolved to Closed

Applied in changeset 5e0cd9dc53b6.

Also available in: Atom PDF