Details
Description
Basic Info
Module Version: 4.5.1 & 7.2.0
Puppet Version: 5.5
OS Name/Version: Windows Server 2012 R2
Please see description below
Desired Behavior: Plaintext passwords do not appear in the event log
Actual Behavior: Plaintext passwords appear in event log
Please take a moment and attach any relevant log output and/or manifests. This will help us immensely when troubleshooting the issue.
When using the IIS_application_pool configuration to set up IIS, the plaintext password is echoed into the Event Log.
The code in use is similar to this:
iis_application_pool { 'MyServer':
  ensure                  => 'present',
  state                   => 'started',
  managed_pipeline_mode   => 'Classic',
  managed_runtime_version => 'v1.1',
  identity_type           => 'SpecificUser',
  user_name               => 'domain\user',
  password                => $userpw,
  require                 => [
    Iis_feature['Web-WebServer'],
    Class['::domain_membership'],
  ],
}
Here is an example event log entry with password redacted:
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Puppet'/><EventID Qualifiers='0'>1</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2021-02-09T14:53:49.000000000Z'/><EventRecordID>220303</EventRecordID><Channel>Application</Channel><Computer>host-fqdn</Computer><Security/></System><EventData><Data>/Stage[main]/my_module::Roles::web/Iis_application_pool[MyServer]/password: password changed '' to 'REDACTED'</Data></EventData><RenderingInfo Culture='en-US'><Message>/Stage[main]/my_module::Roles::web/Iis_application_pool[Server]/password: password changed '' to 'REDACTED'</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event>
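To find hosts where this has already happened, exported Application log events can be scanned for Puppet password-change messages of the form shown above. The following is an added example, not part of the original report or the module's code; the function name, the sample events and the assumption that a masked value is logged as `[redacted]` are illustrative, and the input is assumed to be one event XML string per record.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Puppet change message for a property named "password", as in the report above.
CHANGE = re.compile(
    r"^(?P<res>/.+)/password: password changed '(?P<old>.*)' to '(?P<new>.*)'$"
)

def find_password_leaks(event_xml_docs):
    """Return (record_id, resource_path) for Puppet events that log a password value.

    The value itself is never returned, so the findings are safe to forward.
    """
    hits = []
    for doc in event_xml_docs:
        root = ET.fromstring(doc)
        provider = root.find("e:System/e:Provider", NS)
        if provider is None or provider.get("Name") != "Puppet":
            continue
        record_id = root.findtext("e:System/e:EventRecordID", default="", namespaces=NS)
        for data in root.iterfind("e:EventData/e:Data", NS):
            m = CHANGE.match((data.text or "").strip())
            # Assumption: an empty or "[redacted]" new value is not a leak.
            if m and m.group("new") not in ("", "[redacted]"):
                hits.append((record_id, m.group("res")))
    return hits

def _event(provider, record_id, message):
    # Builds a minimal constructed event; real exports carry more fields.
    return (
        "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
        f"<System><Provider Name='{provider}'/>"
        f"<EventRecordID>{record_id}</EventRecordID></System>"
        f"<EventData><Data>{message}</Data></EventData></Event>"
    )

POOL = "/Stage[main]/my_module::Roles::web/Iis_application_pool[MyServer]"
# Constructed sample events: a leak, a harmless change, and another provider.
SAMPLE_EVENTS = [
    _event("Puppet", "1001", f"{POOL}/password: password changed '' to 'Constructed-Example-1'"),
    _event("Puppet", "1002", f"{POOL}/state: state changed 'stopped' to 'started'"),
    _event("OtherApp", "1003", f"{POOL}/password: password changed '' to 'x'"),
]

if __name__ == "__main__":
    for record_id, resource in find_password_leaks(SAMPLE_EVENTS):
        print(f"record {record_id}: password value logged for {resource}")
```

Any password reported by the scan should be treated as exposed to everyone who can read the Application log and rotated.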