Logs show password in clear text from API calls made to the NSX-T Manager

search cancel

Logs show password in clear text from API calls made to the NSX-T Manager

book

Article ID: 377068

calendar_today

Updated On:

Products

VMware NSX VMware NSX Networking

Issue/Introduction

You are using NSX-T 3.x or 4.x
You have enabled DEBUG level logging in /opt/vmware/proxy-tomcat/conf/log4j2.xml
In the NSX-T manager log file /var/log/proxy/reverse-proxy.log You can see similar output, where username and password are exposed.

2024-02-19T10:15:11.743Z DEBUG Processing request ########-####-####-####-########e547 ResourceOwnerPasswordAccessTokenProvider 900499 Encoding and sending form: {grant_type=[password], username=[##########], password=[#########], scope=[####]}

Environment

NSX-T Data Center 3.x

NSX-T 4.x

Cause

Tomcat module sends passwords to the logs in clear text when log level is set to DEBUG.

Resolution

This issue is resolved in NSX-T 4.2

NSX-T 4.2 Release Notes

https://docs.vmware.com/en/VMware-NSX/4.2.0/rn/vmware-nsx-420-release-notes/index.html

Feedback

thumb_up Yes

thumb_down No