Project

General

Profile

Actions

Bug #11767

closed

Sanitize OpenVPN Client Export certificate password in status output

Added by Viktor Gurov 7 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Diagnostics
Target version:
Start date:
04/01/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

Certificate Password (Password used to protect the certificate file contents) `<pass>` is not sanitized from status_output

Actions #1

Updated by Viktor Gurov 7 months ago

  • Project changed from pfSense Packages to pfSense
  • Subject changed from Certificate Password is not sanitized from status_output to OpenVPN Client Export - Certificate Password is not sanitized from status_output
  • Category changed from OpenVPN Client Export to Diagnostics
  • Release Notes set to Default

example:

<vpn_openvpn_export>
                        <serverconfig>
                                <item>
                                        <pass>password12345</pass>
                                        <proxypass>xxxx</proxypass>
                                        <server>1</server>
                                        <useaddr>servermagichost</useaddr>
                                        <useaddr_hostname></useaddr_hostname>
                                        <verifyservercn>auto</verifyservercn>
                                        <blockoutsidedns></blockoutsidedns>
                                        <legacy></legacy>
                                        <randomlocalport></randomlocalport>
                                        <usepkcs11></usepkcs11>
                                        <pkcs11providers></pkcs11providers>
                                        <usetoken>yes</usetoken>
                                        <usepass>yes</usepass>
                                        <useproxy></useproxy>
                                        <useproxytype>socks</useproxytype>
                                        <proxyaddr>10.2.2.2</proxyaddr>
                                        <proxyport>3128</proxyport>
                                        <silent></silent>
                                        <useproxypass>basic</useproxypass>
                                        <proxyuser>oproxyuser1</proxyuser>
                                        <advancedoptions></advancedoptions>
                                </item>
                        </serverconfig>

Actions #3

Updated by Jim Pingle 7 months ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next
Actions #4

Updated by Viktor Gurov 6 months ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle 6 months ago

  • Target version changed from CE-Next to 2.6.0
Actions #6

Updated by Jim Pingle 6 months ago

  • Plus Target Version set to 21.05
Actions #7

Updated by Jim Pingle 6 months ago

Already in 21.05 branch.

Actions #8

Updated by Jim Pingle 6 months ago

  • Subject changed from OpenVPN Client Export - Certificate Password is not sanitized from status_output to Sanitize OpenVPN Client Export certificate password in status output
Actions #9

Updated by Jim Pingle 5 months ago

  • Target version changed from 2.6.0 to 2.5.2
Actions #10

Updated by Jim Pingle 5 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Viktor Gurov

Works. Password is sanitized in the output.

        <vpn_openvpn_export>
            <serverconfig>
                <item>
                    <pass>xxxxx</pass>
                    <proxypass>xxxxx</proxypass>
                    <server>3</server>
                    <useaddr>serveraddr</useaddr>
                    <useaddr_hostname></useaddr_hostname>
                    <verifyservercn>auto</verifyservercn>
                    <blockoutsidedns></blockoutsidedns>
                    <legacy></legacy>
                    <randomlocalport></randomlocalport>
                    <usepkcs11></usepkcs11>
                    <pkcs11providers></pkcs11providers>
                    <usetoken></usetoken>
                    <usepass>yes</usepass>
                    <useproxy></useproxy>
                    <useproxytype>http</useproxytype>
                    <proxyaddr></proxyaddr>
                    <proxyport></proxyport>
                    <silent></silent>
                    <useproxypass>none</useproxypass>
                    <proxyuser>xxxxx</proxyuser>
                    <advancedoptions></advancedoptions>
                </item>
            </serverconfig>
            <defaultsettings></defaultsettings>
        </vpn_openvpn_export>
Actions

Also available in: Atom PDF