morganstanley/modern-cpp-kafka

Password configuration property values should not be logged as plaintext

Ralfers opened this issue · 2 comments

The librdkafka library provides multiple configuration properties for passwords. For example:

  • ssl.keystore.password;
  • ssl.key.password.

In some scenarios, password property values get logged as plaintext for log levels that are required for production. For example, KafkaClient.h logs passwords on log level "Err" when librdkafka fails to set them.

Passwords should only be logged as plaintext with log level "Debug"; otherwise I suggest masking the password values with "*" symbols. Maybe masking could be used if prop.first contains the substring "password", at the very least.

A quick lookup showed these as potential cleartext password logs:

  • KafkaProducer.h:241 (Log::Level::Notice)
  • KafkaConsumer.h:422 (Log::Level::Notice)
  • KafkaClient.h:387 (Log::Level::Err)

To fix:

  • KafkaProducer.h & KafkaConsumer would always print out the properties when it has been created, which might expose the plaintext password (if any).

No fix:

  • Since KafkaClient.h would only print out the rejected properties, if the property is ssl.keystore.password (or ssl.key.password, whatever), as long as the property name is right, it would never be rejected.
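
The masking proposed in the issue, sketched as an added example that is not code from modern-cpp-kafka or from anyone in this thread. The `Properties` alias and the helper names are hypothetical. Beyond the "password" substring suggested above, it also treats names containing "secret" and librdkafka's `ssl.key.pem` as sensitive, and it uses a fixed-width mask so the log does not reveal the value's length.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-in for the client's property map (illustration only).
using Properties = std::map<std::string, std::string>;

// True when a property name suggests its value is a credential.
// The issue proposes matching "password"; "secret" and ssl.key.pem
// (an inline private key) are added here as a generalization.
bool isSensitiveKey(const std::string& key)
{
    std::string lower(key);
    std::transform(lower.begin(), lower.end(), lower.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return lower.find("password") != std::string::npos
        || lower.find("secret") != std::string::npos
        || lower == "ssl.key.pem";
}

// Value as it may appear in a log line: masked for credential properties.
std::string loggableValue(const std::string& key, const std::string& value)
{
    return isSensitiveKey(key) ? std::string("******") : value;
}

// Renders "k1=v1|k2=v2" for a log message, never emitting credential values.
std::string toLoggableString(const Properties& props)
{
    std::string out;
    for (const auto& kv : props) {
        if (!out.empty()) out += '|';
        out += kv.first + "=" + loggableValue(kv.first, kv.second);
    }
    return out;
}

int main()
{
    // Constructed sample configuration, not taken from the issue.
    const Properties props{{"bootstrap.servers", "broker:9092"},
                           {"ssl.key.password", "constructed-value"}};
    std::cout << toLoggableString(props) << '\n';
    return 0;
}
```

Routing every log statement that prints a property value through one such helper covers both the creation-time dump and the rejected-property message with the same rule.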