Need wallet_propose's secret key to masked or partially masked when trace in server log. #2354
Assignees
Comments
Closed
|
Thank you for reporting this issue! This is addressed in the above mentioned pull request. Please reach out to me by e-mail ([email protected]) so that I can arrange for a bug bounty payout. |
|
hi @nbougalis |
seelabs
pushed a commit
to seelabs/rippled
that referenced
this issue
Jan 30, 2018
Per issue XRPLF#2354, when the log level of a server was configured at "trace", sensitive keying meterial generated by the `wallet_propose` command could be written to the server's log file, if one was configured. This commit improves the log scrubbing code to account for the sensitive information generated by a `wallet_propose`. ** Important security consideration ** We still caution everyone *against* executing this command on a server that they do not control: a malicious server operator could intercept the generated keypair, or operate a modified server that returns keypairs that are not securely generated.
seelabs
pushed a commit
to seelabs/rippled
that referenced
this issue
Feb 9, 2018
Per issue XRPLF#2354, when the log level of a server was configured at "trace", sensitive keying meterial generated by the `wallet_propose` command could be written to the server's log file, if one was configured. This commit improves the log scrubbing code to account for the sensitive information generated by a `wallet_propose`. ** Important security consideration ** We still caution everyone *against* executing this command on a server that they do not control: a malicious server operator could intercept the generated keypair, or operate a modified server that returns keypairs that are not securely generated.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I set server log level to trace,
and run ./rippled wallet_propose ssFdUJj2H9v7X222XFXQSQ43rWU46
and ./rippled sign with explicit secret parameters.
it show below log.
the secret is masked in sign, but not masked in
wallet_propose.
if problems occurs in production environment,
there are cases where my customer request a third party to investigate,
and some developeres may see this debug.log.
I mean need to mask secret key only in log output, not really reponse data.
2018-Jan-25 14:56:09 Server:TRC COMMAND:sign
2018-Jan-25 14:56:09 Server:TRC REQUEST:
{
"command" : "sign",
"offline" : true,
"secret"*********************************** //this is masked, so ok,
"tx_json" :
{
"Account" : "rKTzaXFSqChMRntzDij9KDTmVymVRC4vhu",
"Amount" : "24",
"Destination" : "rw7C6SJPxUHkT9UR7BoQo55e6L3sbabHxk",
"DestinationTag" : 1000000,
"Fee" : "10",
"LastLedgerSequence" : "10",
"Sequence" : "1",
"SourceTag" : 1000000,
"TransactionType" : "Payment"
}
}
2018-Jan-25 14:56:09 Server:TRC #2 destroyed: 1 request
2018-Jan-25 15:02:38 Server:TRC COMMAND:wallet_propose
2018-Jan-25 15:02:38 Server:TRC REQUEST:
{
"command" : "wallet_propose",
"passphrase" : "ssFdUJj2H9v7X222XFXQSQ43rWU46" // but this is not masked
}
2018-Jan-25 15:02:38 Server:DBG Reply:
{
"id":1,
"result":{
"account_id":"rfZYYWy4B76cUKATbq2NfRLsELUBXC2dX4",
"key_type":"secp256k1",
"master_key":"ROOM WAST OAK LUND CLUE DEER EGAN HANG NICK TO TONE KNOW", // and also this not is masked
"master_seed":"ssFdUJj2H9v7X222XFXQSQ43rWU46", // and also this is not masked
"master_seed_hex":"50D78E20116FD27AE38216DAB7001FD2", // and also this is not masked
"public_key":"aB41qEofjao21Y5kTjhH3yVAr1qWVuaUsPv4K3CNdNufkf9FAUij",
"public_key_hex":"027918C42F9414FE5762EA1B1D1AF28A84D6D507820AFA2E7660236BD36731A54B",
"status":"success"
}
}
The text was updated successfully, but these errors were encountered: