fix: prevent credential exposure via process listings and logs #47
Open
taranveer-tengurchittoo wants to merge 1 commit into
Two issues fixed:

1. Vault master password exposed in /proc/PID/cmdline

check_logged_in(), unlock_vault(), and login_bitwarden() pass the master password as a positional CLI argument to bw. Any process on the system can read it from /proc/PID/cmdline or ps output. Replaced with --passwordenv, which tells the bw CLI to read the password from an environment variable instead. The variable is set only on the subprocess env dict, not the global os.environ.

2. SMTP password logged in plaintext

send_email_notification() logs the SMTP password at INFO level. Replaced with a static mask.
Summary
bw CLI with --passwordenv to prevent exposure via /proc/PID/cmdline

Problem
1. Master password visible in process listings
check_logged_in(), unlock_vault(), and login_bitwarden() pass the Bitwarden master password as a positional argument:

On Linux, any process on the system can read this from /proc/PID/cmdline. On shared hosts, Docker containers with --pid=host, or systems with monitoring agents, the vault master password is readable by any user or process that can enumerate the process table (ps aux).

2. SMTP password logged in plaintext
send_email_notification() logs the SMTP password at INFO level:

Log files are often persisted, aggregated to centralized logging, or visible in CI/CD output.

Fix
Password in CLI args: Replaced with --passwordenv BW_PASSWORD, which tells the bw CLI to read the password from an environment variable. The variable is set only on the subprocess environment dict (via the env parameter to subprocess.run), not on the parent process os.environ, so it does not leak to other child processes.

SMTP password logging: Replaced with a static ******** mask.
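The pattern described under Fix, as an added example that is not part of this pull request or the project's code: it builds the argv and per-call environment for bw unlock --passwordenv, then runs a stand-in child to show what a process receives. The helper names, the stand-in child (a Python one-liner used in place of the bw binary so the example runs offline) and the sample password are assumptions constructed for illustration.

```python
import json
import os
import subprocess
import sys

ENV_NAME = "BW_PASSWORD"  # variable name given in the PR description


def build_unlock_call(password, parent_env=None):
    """Return (argv, env) for bw unlock with the password kept out of argv."""
    # Copy the environment so the secret never lands in the parent's os.environ.
    env = dict(os.environ if parent_env is None else parent_env)
    env[ENV_NAME] = password
    return ["bw", "unlock", "--passwordenv", ENV_NAME], env


# Stand-in for the bw binary (assumption): reports the arguments it was
# started with and the value of the variable named after --passwordenv.
_CHILD = (
    "import json, os, sys;"
    "name = sys.argv[sys.argv.index('--passwordenv') + 1];"
    "print(json.dumps({'argv': sys.argv[1:], 'password': os.environ.get(name)}))"
)


def observe_child(password):
    """Run the stand-in with the argv tail and env that bw would receive."""
    argv, env = build_unlock_call(password)
    proc = subprocess.run(
        [sys.executable, "-c", _CHILD, *argv[1:]],
        env=env, capture_output=True, text=True, check=True,
    )
    seen = json.loads(proc.stdout)
    return {
        # What ps or /proc/PID/cmdline would show for the child.
        "secret_in_argv": any(password in arg for arg in seen["argv"]),
        "child_got_password": seen["password"] == password,
        # The parent's own environment must stay clean for later children.
        "parent_env_touched": os.environ.get(ENV_NAME) == password,
    }


if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    print(observe_child("constructed-master-password"))
```

On Linux, /proc/PID/environ of the child remains readable by the same user and by root, so this narrows who can see the password rather than hiding it from everyone.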