Security issue password should be masked in log file

Open lapkritinis opened this issue 5 years ago • 2 comments

There is no good reason to log the database password into a log file. The culprit is lines like these:

echo >&2 "Database Password: $MAUTIC_DB_PASSWORD"

Reference doc: https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html#data-to-exclude


lapkritinis • Sep 29 '20 19:09
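One way to keep the startup banner without writing the secret to the log, as an added example that is not code from the docker-mautic project: the helper names `secret_status`, `redact` and `log_db_settings` are hypothetical, and `MAUTIC_DB_HOST` and `MAUTIC_DB_USER` are assumed to be set alongside `MAUTIC_DB_PASSWORD`.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of docker-mautic's entrypoint.

# Report only whether a secret is present: never its value or its length.
secret_status() {
    if [ -n "$1" ]; then
        printf '%s' '[set, hidden]'
    else
        printf '%s' '[not set]'
    fi
}

# Replace every literal occurrence of secret $2 in text $1 with ***.
# Pure shell parameter expansion, so the secret is never passed as an
# argument to an external process such as sed (visible in process listings).
redact() {
    text=$1 secret=$2 out=
    [ -n "$secret" ] || { printf '%s' "$text"; return 0; }
    while :; do
        case $text in
            *"$secret"*)
                # Keep the text before the first match, then mask the match.
                out=$out${text%%"$secret"*}'***'
                text=${text#*"$secret"}
                ;;
            *) break ;;
        esac
    done
    printf '%s' "$out$text"
}

# Startup banner with the password line masked.
log_db_settings() {
    echo "Database Host: ${MAUTIC_DB_HOST:-}"
    echo "Database User: ${MAUTIC_DB_USER:-}"
    echo "Database Password: $(secret_status "${MAUTIC_DB_PASSWORD:-}")"
}

# Constructed sample values, for demonstration only.
MAUTIC_DB_HOST=db.example.internal
MAUTIC_DB_USER=mautic
MAUTIC_DB_PASSWORD='s3cr3t*[x]'
log_db_settings >&2
```

`redact` is for messages that may embed the secret indirectly, such as a connection string echoed back in an error, before they are written to the log.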

There's also a confusing note about the password above that, saying it should be empty?

bradjones1 • Dec 07 '22 20:12