[H2] Bootstrap admin plaintext password written to .admin-credentials + info! log fallback #16

Open
opened 2026-06-05 17:35:28 -07:00 by azcomputerguru · 0 comments

Severity: High

Component(s): server

Affected file(s):

  • server/src/main.rs (~lines 198-225)

Problem:
The bootstrap admin plaintext password is written to .admin-credentials in the CWD, with an info! log fallback. The server deploys on Linux so 0o600 works; the residual risk is on-disk plaintext plus the log path.

Recommended fix:
Have the operator supply the password via env/one-time input, or print-once and never persist; remove the log fallback.

Remediation phase: P0

From the 2026-06-05 three-way review (Claude+Gemini+Grok) — see reports/review-2026-06-05/SYNTHESIS-three-way.md (finding H2) and REMEDIATION-PLAN.md (P0).

**Severity:** High **Component(s):** server **Affected file(s):** - `server/src/main.rs` (~lines 198-225) **Problem:** The bootstrap admin plaintext password is written to `.admin-credentials` in the CWD, with an `info!` log fallback. The server deploys on Linux so `0o600` works; the residual risk is on-disk plaintext plus the log path. **Recommended fix:** Have the operator supply the password via env/one-time input, or print-once and never persist; remove the log fallback. **Remediation phase:** P0 From the 2026-06-05 three-way review (Claude+Gemini+Grok) — see reports/review-2026-06-05/SYNTHESIS-three-way.md (finding H2) and REMEDIATION-PLAN.md (P0).
azcomputerguru added the severity:highcomponent:serversecurity labels 2026-06-05 17:35:28 -07:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: azcomputerguru/guru-connect#16