Rapid7 Vulnerability & Exploit Database

FreeBSD: logstash -- password disclosure vulnerability

Free InsightVM Trial No Credit Card Necessary

2024 Attack Intel Report Latest research by Rapid7 Labs

Back to Search

FreeBSD: logstash -- password disclosure vulnerability

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

04/01/2016

Created

07/25/2018

Added

04/29/2016

Modified

04/29/2016

Description

Logstash developers report: Passwords Printed in Log Files under Some Conditions It was discovered that, in Logstash 2.1.0+, log messages generated by a stalled pipeline during shutdown will print plaintext contents of password fields. While investigating this issue we also discovered that debug logging has included this data for quite some time. Our latest releases fix both leaks. You will want to scrub old log files if this is of particular concern to you. This was fixed in issue #4965

Solution(s)

freebsd-upgrade-package-logstash

References

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

FreeBSD: logstash -- password disclosure vulnerability

FreeBSD: logstash -- password disclosure vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.