Cisco Bug: CSCvu47790 - bash history records curl command containing credentials
Jun 03, 2020
- Cisco Elastic Services Controller
Known Affected Releases
It is undesirable to leak passwords from interactive shell use into history. Bash history records commands for future retrieval. Configuration file /etc/profile.d/shell_history_config.sh aims to suppress recording of command containing passwords. Patterns to ignore are added to HISTIGNORE Symptom: Execution of curl command containing pattern 'curl -u user:password' is recorded into bash history. Conditions: Command matching pattern 'curl -u user:password' will be recorded into bash history.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases