Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-10944

iis: Plaintext password for Iis_application_pool appearing in Windows Event Log

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: iis, windows
    • Labels:
    • Template:
      MODULES Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version: 4.5.1 & 7.2.0
      Puppet Version: 5.5
      OS Name/Version:  Windows Server 2012 R2

      Please see description below

      Desired Behavior:  Plaintext passwords not appear in event log

      Actual Behavior:  Plaintext passwords appear in event log

      Please take a moment and attach any relevant log output and/or manifests. This will help us immensely when troubleshooting the issue.

      When using the IIS_application_pool configuration to setup IIS, the plaintext password is echoed into the Event Log.

      The code in use is similar to this:

          iis_application_pool { 'MyServer':
            ensure                  => 'present',
            state                   => 'started',
            managed_pipeline_mode   => 'Classic',
            managed_runtime_version => 'v1.1',
            identity_type           => 'SpecificUser',
            user_name               => 'domain\user',
            password                => $userpw,
            require                 => [
              Iis_feature['Web-WebServer'],
              Class['::domain_membership'],
            ],
          }
      

      Here is an example event log entry with password redacted:

       

       

      <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Puppet'/><EventID Qualifiers='0'>1</EventID><Level>4</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2021-02-09T14:53:49.000000000Z'/><EventRecordID>220303</EventRecordID><Channel>Application</Channel><Computer>host-fqdn</Computer><Security/></System><EventData><Data>/Stage[main]/my_module::Roles::web/Iis_application_pool[MyServer]/password: password changed '' to 'REDACTED'</Data></EventData><RenderingInfo Culture='en-US'><Message>/Stage[main]/my_module::Roles::web/Iis_application_pool[Server]/password: password changed '' to 'REDACTED'</Message><Level>Information</Level><Task></Task><Opcode>Info</Opcode><Channel></Channel><Provider></Provider><Keywords><Keyword>Classic</Keyword></Keywords></RenderingInfo></Event>
      

       

       

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            jefferysmith Jeffery Smith
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support