Hisanobu Okuda created WFLY-13838:
-------------------------------------
Summary: plain text j_password appears in the legacy audit log
Key: WFLY-13838
URL: https://issues.redhat.com/browse/WFLY-13838
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 20.0.1.Final
Reporter: Hisanobu Okuda
Assignee: Flavia Rainone
Attachments: web-form-auth.tar.gz
The unmasked value of j_password is written in the audit log as
`[parameters=guest::,guest::,]`.
{code}
12:48:45,385 TRACE [org.jboss.security.audit] (default task-1) [Success]principal=guest;request=[/test:cookies=[javax.servlet.http.Cookie@46b3f22]:headers=Origin=http://localhost:8080,Cookie=JSESSIONID=dbDjUA6QeA2UXCyyPaqdSSgE4Kjd0_JvxUG7-pBx.localhost,Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8,User-Agent=Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0,Connection=keep-alive,Referer=http://localhost:8080/test/secure/index.jsp,Host=localhost:8080,Accept-Encoding=gzip, deflate,DNT=1,Upgrade-Insecure-Requests=1,Accept-Language=en-US,en;q=0.5,Content-Length=33,Content-Type=application/x-www-form-urlencoded,][parameters=guest::,guest::,][attributes=];message=UT000030: User guest successfully authenticated.;Source=org.wildfly.extension.undertow.security.AuditNotificationReceiver;
{code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
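Until the fix lands, an operator's first concern is which existing audit logs already contain form-login bodies like the one above, and how to scrub them before the logs are shipped anywhere. The script below is an added example written for this editorial pass; it is not part of the report, WildFly or Undertow. It scans legacy audit TRACE lines, flags successful form logins whose `[parameters=...]` segment is non-empty, and replaces that whole segment (it cannot tell which value is j_username and which is j_password, so it redacts both). Two assumptions are inferred from the single line in the report and labelled as such in the code: that `UT000030` marks a successful authentication, and that parameter values are comma-separated with a trailing `::`. The sample log lines are constructed, with headers abbreviated.

```python
"""Find and redact form-login parameters in WildFly legacy audit (org.jboss.security.audit)
TRACE lines. Added example for this page; not WildFly/Undertow code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: line 1 mirrors the shape of the line in the report (headers
# abbreviated); line 2 is a request to the same app that carried no parameters.
SAMPLE_LOG = (
    "12:48:45,385 TRACE [org.jboss.security.audit] (default task-1) [Success]principal=guest;"
    "request=[/test:cookies=[javax.servlet.http.Cookie@46b3f22]:headers=Origin=http://localhost:8080,"
    "Cookie=JSESSIONID=abc.localhost,Accept=text/html,application/xhtml+xml;q=0.9,"
    "Content-Length=33,Content-Type=application/x-www-form-urlencoded,]"
    "[parameters=guest::,guest::,][attributes=];message=UT000030: User guest successfully "
    "authenticated.;Source=org.wildfly.extension.undertow.security.AuditNotificationReceiver;\n"
    "12:48:46,001 TRACE [org.jboss.security.audit] (default task-2) [Success]principal=guest;"
    "request=[/test:cookies=[]:headers=Host=localhost:8080,Accept=text/html,]"
    "[parameters=][attributes=];message=UT000030: User guest successfully "
    "authenticated.;Source=org.wildfly.extension.undertow.security.AuditNotificationReceiver;\n"
)

PRINCIPAL_RE = re.compile(r"principal=(?P<principal>[^;]*);")
PARAMS_RE = re.compile(r"\[parameters=(?P<params>[^\]]*)\]")
FORM_CT = "Content-Type=application/x-www-form-urlencoded"
# Assumption: UT000030 is the "successfully authenticated" message id, as seen in the report.
AUTH_OK = "UT000030"


@dataclass
class AuditRecord:
    line: str
    principal: str
    params: str        # raw text between "[parameters=" and "]"
    form_login: bool   # form-encoded body plus a successful-authentication message


def parse_audit_line(line: str) -> Optional[AuditRecord]:
    """Return None for lines that are not legacy audit records."""
    if "[org.jboss.security.audit]" not in line:
        return None
    p = PRINCIPAL_RE.search(line)
    q = PARAMS_RE.search(line)
    if not p or not q:
        return None
    return AuditRecord(line=line, principal=p.group("principal"), params=q.group("params"),
                       form_login=FORM_CT in line and AUTH_OK in line)


def parameter_values(params: str) -> List[str]:
    """Split the parameters segment into values.
    Assumption (from the one line in the report): values are comma-separated
    and each carries a trailing '::'."""
    return [v[:-2] if v.endswith("::") else v for v in params.split(",") if v]


def exposes_credentials(rec: AuditRecord) -> bool:
    """A form login audited with a non-empty parameters segment has written the
    submitted j_username/j_password body to the log in the clear."""
    return rec.form_login and bool(parameter_values(rec.params))


def redact_parameters(line: str) -> str:
    """Replace the whole segment: the log does not say which value is the password."""
    return PARAMS_RE.sub("[parameters=<redacted>]", line)


def scan(log_text: str) -> List[AuditRecord]:
    """Return every record in log_text that exposes form-login credentials."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec and exposes_credentials(rec):
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(f"principal={rec.principal} leaked values={parameter_values(rec.params)}")
        print(redact_parameters(rec.line))
```

Run it over a real server.log only after the log has been copied somewhere with the same access controls as the original; the point of the exercise is that the unredacted file is itself a credential store until it is scrubbed.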