[NEXUS-6617] Support Bundle can include unprotected HTTP proxy server password - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.8
Fix Version/s: 2.9, 3.0.0-m1
Component/s: Support Tools
Labels:
- security

Story Points:
0.5
Sprint:
Sprint 19

Description

When Nexus is configured with an HTTP proxy server that has username and password, then the system properties `http.proxyPassword` and `https.proxyPassword` get set to the plain text proxy server password.

The sysinfo report included in the support bundle can include these plain text system property values. Suggest these values be replaced with some known text instead to protect the password from being transmitted in the support bundle.

Attachments

Activity

People

Assignee:: Jason Dillon

Reporter:: Peter Lynch

Last Updated By:: Peter Lynch

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/29/14 02:02 PM

Updated:: 08/25/14 05:32 PM

Resolved:: 06/13/14 05:33 PM

Date of First Response:: 29/May/14 6:55 PM

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified