Bug #11767

Sanitize OpenVPN Client Export certificate password in status output

Added by Viktor Gurov about 1 month ago. Updated 1 day ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: Diagnostics
Target version:
Start date: 04/01/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 21.05
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

Certificate Password (Password used to protect the certificate file contents) `<pass>` is not sanitized from status_output

Associated revisions

Revision eea0b39c (diff)
Added by Viktor Gurov 3 days ago

Sanitize pass and radmac_secret. Fixes #11767 and #11769

History

#1 Updated by Viktor Gurov about 1 month ago

  • Project changed from pfSense Packages to pfSense
  • Subject changed from Certificate Password is not sanitized from status_output to OpenVPN Client Export - Certificate Password is not sanitized from status_output
  • Category changed from OpenVPN Client Export to Diagnostics
  • Release Notes set to Default

example:

<vpn_openvpn_export>
  <serverconfig>
    <item>
      <pass>password12345</pass>
      <proxypass>xxxx</proxypass>
      <server>1</server>
      <useaddr>servermagichost</useaddr>
      <useaddr_hostname></useaddr_hostname>
      <verifyservercn>auto</verifyservercn>
      <blockoutsidedns></blockoutsidedns>
      <legacy></legacy>
      <randomlocalport></randomlocalport>
      <usepkcs11></usepkcs11>
      <pkcs11providers></pkcs11providers>
      <usetoken>yes</usetoken>
      <usepass>yes</usepass>
      <useproxy></useproxy>
      <useproxytype>socks</useproxytype>
      <proxyaddr>10.2.2.2</proxyaddr>
      <proxyport>3128</proxyport>
      <silent></silent>
      <useproxypass>basic</useproxypass>
      <proxyuser>oproxyuser1</proxyuser>
      <advancedoptions></advancedoptions>
    </item>
  </serverconfig>
</vpn_openvpn_export>
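
A check for this class of leak, as an added example that is not pfSense's code: it redacts named secret elements in a status dump and reports any that still carry a value. The tag list, function names and sample are assumptions of this example; the `xxxx` marker follows the `<proxypass>` value in the excerpt from this issue.

```python
import re

# Tag names taken from the issue and its fixing commit message; this tuple is
# an assumption of the example, not pfSense's actual sanitize list.
SECRET_TAGS = ("pass", "proxypass", "radmac_secret")
PLACEHOLDER = "xxxx"  # same marker the issue's excerpt shows for <proxypass>


def _pattern(tags):
    # Match <tag>value</tag> for exact tag names only, so <pass> does not
    # also hit <usepass> or <useproxypass>. DOTALL covers multi-line values.
    names = "|".join(re.escape(t) for t in tags)
    return re.compile(r"<(%s)>(.*?)</\1>" % names, re.DOTALL)


def sanitize(text, tags=SECRET_TAGS):
    """Replace the content of every non-empty secret element."""
    def repl(m):
        if m.group(2) == "":
            return m.group(0)  # keep empty elements as they are
        return "<%s>%s</%s>" % (m.group(1), PLACEHOLDER, m.group(1))
    return _pattern(tags).sub(repl, text)


def find_unsanitized(text, tags=SECRET_TAGS):
    """Return (line_number, tag) for each secret element still carrying a value."""
    hits = []
    for m in _pattern(tags).finditer(text):
        if m.group(2) not in ("", PLACEHOLDER):
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1)))
    return hits


# Constructed sample modelled on the issue's excerpt (a fragment, not a full config).
SAMPLE = """<item>
  <pass>password12345</pass>
  <proxypass>xxxx</proxypass>
  <usepass>yes</usepass>
  <useproxypass>basic</useproxypass>
  <radmac_secret>constructed-secret</radmac_secret>
</item>
"""

if __name__ == "__main__":
    print(find_unsanitized(SAMPLE))            # elements that leak a value
    print(find_unsanitized(sanitize(SAMPLE)))  # nothing left after redaction
```

Running `find_unsanitized` over a status archive before attaching it to a ticket or forum post catches elements that the sanitizer's tag list does not yet cover.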

#3 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next

#4 Updated by Viktor Gurov 3 days ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100

#5 Updated by Jim Pingle 2 days ago

  • Target version changed from CE-Next to 2.6.0

#6 Updated by Jim Pingle 2 days ago

  • Plus Target Version set to 21.05

#7 Updated by Jim Pingle 2 days ago

Already in 21.05 branch.

#8 Updated by Jim Pingle 1 day ago

  • Subject changed from OpenVPN Client Export - Certificate Password is not sanitized from status_output to Sanitize OpenVPN Client Export certificate password in status output
