Skip to main content

TB084 Leaked Password When Using EBS Plugins, HANA Plugins, or ASE Hooks




Alert Type



FIPS 199 Severity Level: High

CVSS Score: 8.2

Attack Vector (AV): L

Attack Complexity (AC): L

Privileges Required (PR): L

User Interaction (UI): R

Scope (S): C

Confidentiality (C): H

Integrity (I): H

Availability (A): H


Delphix logs environment variables on connected target environments to help with diagnosis. It has now been found that some plugins and hooks pass sensitive information such as database passwords in environment variables. This results in the sensitive information being logged. Custom hooks used with ASE along with EBS and HANA data sources are known to include passwords. It should also be noted that any custom connectors might also contain sensitive data in environment variables and could be susceptible to this issue.

Contributing Factors

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases




5.0,,,,,,,,, ,,,,,,

Passwords appear in log files when using any of the following functionality in the Delphix Virtualization Engine:

  • Hooks functionality with ASE

  • EBS plugin

  • HANA plugin


Log messages which include environment passwords may be present in the log files on target hosts found in the /work/Delphix_*_host/log/connector and /tmp/Delphix_*_host/log/connector directories.


  • Upgrade to version of the Delphix Engine.

  • Remove any impacted logs on the target hosts.

  • Delphix highly recommends changing all passwords that may have been exposed.


Upon migration or upgrade to the Delphix version release, the target hosts are automatically refreshed in order to prevent this issue from recurring.

If an engine has been impacted by this issue, delete the impacted log files that are on the target hosts.

Additional Information


Related Documents