#996330 wpasupplicant: wpa_supplicant logs sensitive data in cleartext

Package:
wpasupplicant
Source:
wpa
Description:
client support for WPA and WPA2 (IEEE 802.11i)
Submitter:
Vladimir K
Date:
2021-10-13 07:54:03 UTC
Severity:
important
Tags:
#996330#5
Date:
2021-10-13 07:39:46 UTC
From:
To:
Dear Maintainer, wpa_supplicant can not use hardware token again if it was
unplugged at some point after previous use by wpa_supplicant, requires service restart.
(other applications do not experience such problems)
The other problem is that on any error with the token it dumps pin in clear text to the log:

    Oct 13 10:00:22 hostname wpa_supplicant[3834594]: ENGINE: cannot load private key with id 'pkcs11:{full_pkcs11_url}?pin-value={cleartext_pin_value}' [error:8206B032:PKCS#11 module:pkcs11_find_keys:Device removed]