HAProxy Stats page credentials are not redacted in status.php
The status_output file generated by status.php does not redact the HAProxy stats page login details:
<stats_enabled></stats_enabled> <stats_username>admin</stats_username> <stats_password>topsecret</stats_password> <stats_uri></stats_uri>
They are also not shown by default which makes it hard to find them or spot of a browser has auto-filled it.
Updated by Danilo Zrenjanin about 1 year ago
- Status changed from Feedback to Resolved
Tested on :
built on Thu Sep 03 19:02:32 EDT 2020
HAProxy Stats page credentials are redacted in status.php
<stats_enabled>yes</stats_enabled> <stats_username>daniloz</stats_username> <stats_password>xxxxx</stats_password>
I am resolving the ticket.