Guest

Preview Tool

Cisco Bug: CSCvu47790 - bash history records curl command containing credentials

Last Modified

Jun 03, 2020

Products (1)

  • Cisco Elastic Services Controller

Known Affected Releases

5.2(0.87)

Description (partial)

It is undesirable to leak passwords from interactive shell use into history.   Bash history records commands for future retrieval. 
Configuration file /etc/profile.d/shell_history_config.sh aims to suppress recording of command containing passwords.       Patterns to ignore are added to HISTIGNORE

Symptom:
Execution of curl command containing pattern 'curl -u user:password' is recorded into bash history.

Conditions:
Command matching pattern 'curl -u user:password' will be recorded into bash history.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.