Skip to content

Leaking OTP in Hadoop plugin  #3296

New issue
New issue
Closed
#3298
Closed
Leaking OTP in Hadoop plugin #3296
#3298
Labels
BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.Complexity: LowImpact: HighSecurity
Milestone
v2.2.0
@ilija-lazoroski

Description

@ilija-lazoroski
ilija-lazoroski
opened on May 3, 2023

Describe the bug

It seems that we are leaking OTP in Hadoop payload logging

To Reproduce

Steps to reproduce the behavior:

  1. Configure the Monkey with Hadoop plugin
  2. Run the monkey on any hadoop machine
  3. Observe logs

Expected behavior

We shouldn't be logging OTP.

Screenshots

image

Machine version (please complete the following information):

  • OS: Windows or Linux

Tasks

  • Fix up logging level in Hadoop plugin
    • Do not forget to rebuild the plugin
  • Fix the regex in OTPFormatter
    • Store the OTP character set in common and use it in OTPFormatter and AuthenticationFacade.generate_otp()
    • Compile regexes as class variables so they don't need to be recompiled for every single log message

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugAn error, flaw, misbehavior or failure in the Monkey or Monkey Island.Complexity: LowImpact: HighSecurity

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions