Project

General

Profile

Actions

Bug #10794

closed

HAProxy Stats page credentials are not redacted in status.php

Added by Steve Wheeler about 1 year ago. Updated 12 months ago.

Status:
Resolved
Priority:
Normal
Category:
Diagnostics
Target version:
Start date:
07/28/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

The status_output file generated by status.php does not redact the HAProxy stats page login details:

                    <stats_enabled></stats_enabled>
                    <stats_username>admin</stats_username>
                    <stats_password>topsecret</stats_password>
                    <stats_uri></stats_uri>

They are also not shown by default which makes it hard to find them or spot of a browser has auto-filled it.

Actions #2

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Pull Request Review
Actions #3

Updated by Renato Botelho about 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #4

Updated by Danilo Zrenjanin about 1 year ago

  • Status changed from Feedback to Resolved

Tested on :
2.5.0-DEVELOPMENT (amd64)
built on Thu Sep 03 19:02:32 EDT 2020
FreeBSD 12.2-PRERELEASE

HAProxy Stats page credentials are redacted in status.php

<stats_enabled>yes</stats_enabled>
<stats_username>daniloz</stats_username>
<stats_password>xxxxx</stats_password>

I am resolving the ticket.

Actions #5

Updated by Jim Pingle 12 months ago

  • Category changed from Web Interface to Diagnostics
Actions

Also available in: Atom PDF