Logs show password in clear text from API calls made to the NSX-T Manager

Article ID: 377068


Products

VMware NSX

VMware NSX-T Data Center

Issue/Introduction

  • NSX-T 3.x or 4.x is running.
  • DEBUG level logging is enabled in /opt/vmware/proxy-tomcat/conf/log4j2.xml.
  • The NSX-T Manager log file /var/log/proxy/reverse-proxy.log contains entries like the one below, in which the username and password are exposed.

2024-02-19T10:15:11.743Z DEBUG Processing request ########-####-####-####-########e547 ResourceOwnerPasswordAccessTokenProvider 900499 Encoding and sending form: {grant_type=[password], username=[##########], password=[#########], scope=[####]}

Environment

VMware NSX-T Data Center 3.x 

VMware NSX 4.x 

Cause

The Tomcat module writes passwords to the logs in clear text when the log level is set to DEBUG.
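
To check whether lines of this shape are present in a copy of /var/log/proxy/reverse-proxy.log, and to mask them before the log is shared, the following Python script can be used. It is an added example, not VMware code; the sample log lines and the username, password and scope values in them are constructed.

```python
import re

# Line shape taken from the article's reverse-proxy.log excerpt.
EXPOSURE_RE = re.compile(
    r"^(?P<ts>\S+) DEBUG .*ResourceOwnerPasswordAccessTokenProvider .*"
    r"Encoding and sending form: \{.*\bpassword=\["
)
USERNAME_RE = re.compile(r"\busername=\[([^\]]*)\]")
# Lazy match up to the "]" that is followed by the next form field or the
# closing brace, so a password that itself contains "]" is fully covered.
PASSWORD_RE = re.compile(r"(\bpassword=\[).*?(\](?=, \w+=\[|\}\s*$))")


def redact(line):
    """Return the line with the password value masked."""
    return PASSWORD_RE.sub(r"\1REDACTED\2", line)


def find_exposures(lines):
    """Report affected lines without ever returning the password itself."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = EXPOSURE_RE.search(line)
        if not match:
            continue
        user = USERNAME_RE.search(line)
        hits.append({
            "line": number,
            "timestamp": match.group("ts"),
            "username": user.group(1) if user else None,
        })
    return hits


# Constructed sample input; all values are made up for this example.
SAMPLE_LOG = [
    "2024-02-19T10:15:10.101Z INFO Processing request 0000 SomeFilter 900499 Request received",
    "2024-02-19T10:15:11.743Z DEBUG Processing request 0000 "
    "ResourceOwnerPasswordAccessTokenProvider 900499 Encoding and sending form: "
    "{grant_type=[password], username=[svc-example], password=[Constructed]Pass1], scope=[openid]}",
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(hit)
    for line in SAMPLE_LOG:
        print(redact(line))
```

Any account reported by `find_exposures` had its password written to disk in clear text, so that credential should be treated as exposed to anyone with access to the log or its copies.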

Resolution

This issue is resolved in VMware NSX 4.2.

NSX 4.2 Release Notes