Bug #72158 Prevent logging of encryption functions
Submitted: 29 Mar 2014 10:09 Modified: 17 Aug 2014 12:31
Reporter: Daniël van Eeden (OCA)
Status: Verified
Category: MySQL Server: Command-line Clients  Severity: S3 (Non-critical)
Version: 5.6.17  OS: Any
Assigned to:  CPU Architecture: Any
Tags: encryption, Security

[29 Mar 2014 10:09] Daniël van Eeden
Description:
MySQL tries to prevent passwords from being logged in the client history and other files. But it doesn't prevent logging of the key which was used for AES encryption.

https://dev.mysql.com/doc/refman/5.6/en/password-logging.html

How to repeat:
Use the AES encryption function and see what's in the logs.

Suggested fix:
Prevent logging of the AES function.
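
One way to audit an existing client history file for the leak described in this report. This is an added example, not part of the original report and not MySQL code. It assumes that libedit-built clients escape characters as octal sequences such as `\040`. The function names and the sample lines are constructed for illustration.

```python
import re
FUNCS = re.compile(r"\b(AES_ENCRYPT|AES_DECRYPT)\s*\(", re.IGNORECASE)
OCTAL = re.compile(r"\\([0-7]{3})")

def decode_history_line(line):
    """libedit-built clients store history with octal escapes (space -> \\040)."""
    return OCTAL.sub(lambda m: chr(int(m.group(1), 8)), line.rstrip("\n"))

def split_args(text, start):
    """Split the argument list that begins just after '(' at index start."""
    args, depth, quote, begin, i = [], 1, None, start, start
    while i < len(text):
        c = text[i]
        if quote:
            if c == "\\":
                i += 1  # skip the escaped character inside a literal
            elif c == quote:
                quote = None
        elif c in "'\"":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return args + [text[begin:i].strip()]
        elif c == "," and depth == 1:
            args.append(text[begin:i].strip())
            begin = i + 1
        i += 1
    return args + [text[begin:].strip()]  # unterminated call: keep what was typed

def find_key_leaks(lines):
    """Return (line_no, function, key_literal) for calls whose key is a literal."""
    hits = []
    for no, raw in enumerate(lines, 1):
        stmt = decode_history_line(raw)
        for m in FUNCS.finditer(stmt):
            args = split_args(stmt, m.end())
            if len(args) >= 2 and args[1][:1] in ("'", '"'):
                hits.append((no, m.group(1).upper(), args[1]))
    return hits

# Constructed sample history lines (not taken from the bug report).
SAMPLE = [
    "SELECT\\040AES_ENCRYPT('card',\\040'k3y-constructed');",
    "select aes_decrypt(unhex(c), @k) from t;",
    "INSERT INTO t VALUES (AES_ENCRYPT(CONCAT(a, ','), \"s3cret-constructed\"));",
]
```

Calling `find_key_leaks(SAMPLE)` flags lines 1 and 3 and skips line 2, where the key is a user variable rather than a literal. Until the client filters these functions itself, the `--histignore` option or the `MYSQL_HISTIGNORE` environment variable can be given patterns such as `*AES_ENCRYPT*:*AES_DECRYPT*` to keep such statements out of the history file.
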
[30 Mar 2014 19:03] MySQL Verification Team
Hello Daniel,

Thank you for the bug report.
Verified as described.

Thanks,
Umesh
[17 Aug 2014 12:31] Daniël van Eeden
added tags