Project

General

Profile

Actions
Copy link

Bug #10794

closed

HAProxy Stats page credentials are not redacted in status.php

Added by Steve Wheeler over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Renato Botelho
Category:
Diagnostics
Target version:
2.5.0
Start date:
07/28/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

The status_output file generated by status.php does not redact the HAProxy stats page login details:

                    <stats_enabled></stats_enabled>
                    <stats_username>admin</stats_username>
                    <stats_password>topsecret</stats_password>
                    <stats_uri></stats_uri>

They are also not shown by default which makes it hard to find them or spot of a browser has auto-filled it.

Actions
Copy link
 #1

Updated by Viktor Gurov over 4 years ago

Actions
Copy link
 #2

Updated by Jim Pingle over 4 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #3

Updated by Renato Botelho over 4 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions
Copy link
 #4

Updated by Danilo Zrenjanin about 4 years ago

  • Status changed from Feedback to Resolved

Tested on :
2.5.0-DEVELOPMENT (amd64)
built on Thu Sep 03 19:02:32 EDT 2020
FreeBSD 12.2-PRERELEASE

HAProxy Stats page credentials are redacted in status.php

<stats_enabled>yes</stats_enabled>
<stats_username>daniloz</stats_username>
<stats_password>xxxxx</stats_password>

I am resolving the ticket.

Actions
Copy link
 #5

Updated by Jim Pingle about 4 years ago

  • Category changed from Web Interface to Diagnostics
Actions
Copy link

Also available in: Atom PDF