Database Passwords are shown in the plain text
Article ID: 275848
Updated On:
Products
CA Identity Suite
Issue/Introduction
We found a security incident. Database passwords are shown in plain text in the Provisioning Server etatrans log. This task is called from IDP. It's for attributes eTEncrCustomField01, eTEncrCustomField02, and eTEncrCustomField03 and in the IDM Management Console, it's set as sensitive.
From the Logs:
20230811:111937:TID=0ffb40:Modify :E321:----:P: eTEncrCustomField03: Testpassword3 [REPLACE]
20230811:111937:TID=0ffb40:Modify :E321:----:P: eTEncrCustomField02: Testpassword2 [REPLACE]
20230811:111937:TID=0ffb40:Modify :E321:----:P: eTEncrCustomField01: Testpassword1 [REPLACE]
Environment
Release: 14.4
Component: CA Identity Suite Virtual Appliance
Resolution
This is a known issue and was resolved as part of defect #DE575527.
If you are facing this issue, please create a support case and request for the hotfix HF-DE575527.zip
If you are facing this issue, please create a support case and request for the hotfix HF-DE575527.zip
Feedback
Yes
No
Powered by
