[Apiman-user] Login failure message shows password in the clear
Paul Blair
pblair at clearme.com
Tue Jan 5 11:50:50 EST 2016
I'm setting up a new gateway in apiman. I put in the wrong password for the configuration endpoint credentials, and this is what I got on the "New Gateway" screen:
Gateway Configuration Invalid
Something has gone wrong when testing the Gateway. Hopefully the details (below) will help you figure out what.
{"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The Gateway","description":"Gateway to back-end services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\"password\":\"api-manager$65454\"}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json, text/plain, */*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer [TOKEN]"}},"statusText":"Unauthorized"}
Granted that only a mistaken password is shown, this still doesn't seem secure, and also makes me wonder if the credential may be exposed in other similar places. Should I raise an issue on this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20160105/05c9244b/attachment.html
More information about the Apiman-user
mailing list