Bug #11767: Sanitize OpenVPN Client Export certificate password in status output - pfSense - pfSense bugtracker

Actions

Copy link

Bug #11767

closed

Sanitize OpenVPN Client Export certificate password in status output

Added by Viktor Gurov about 3 years ago. Updated almost 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Viktor Gurov

Category:

Diagnostics

Target version:

2.5.2

Start date:

04/01/2021

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

21.05

Release Notes:

Default

Affected Version:

2.5.0

Affected Architecture:

Description

Certificate Password (Password used to protect the certificate file contents) `<pass>` is not sanitized from status_output

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

Project changed from pfSense Packages to pfSense
Subject changed from Certificate Password is not sanitized from status_output to OpenVPN Client Export - Certificate Password is not sanitized from status_output
Category changed from OpenVPN Client Export to Diagnostics
Release Notes set to Default

example:

<vpn_openvpn_export>
                        <serverconfig>
                                <item>
                                        <pass>password12345</pass>
                                        <proxypass>xxxx</proxypass>
                                        <server>1</server>
                                        <useaddr>servermagichost</useaddr>
                                        <useaddr_hostname></useaddr_hostname>
                                        <verifyservercn>auto</verifyservercn>
                                        <blockoutsidedns></blockoutsidedns>
                                        <legacy></legacy>
                                        <randomlocalport></randomlocalport>
                                        <usepkcs11></usepkcs11>
                                        <pkcs11providers></pkcs11providers>
                                        <usetoken>yes</usetoken>
                                        <usepass>yes</usepass>
                                        <useproxy></useproxy>
                                        <useproxytype>socks</useproxytype>
                                        <proxyaddr>10.2.2.2</proxyaddr>
                                        <proxyport>3128</proxyport>
                                        <silent></silent>
                                        <useproxypass>basic</useproxypass>
                                        <proxyuser>oproxyuser1</proxyuser>
                                        <advancedoptions></advancedoptions>
                                </item>
                        </serverconfig>

Actions

Copy link

Updated by Viktor Gurov about 3 years ago

Affected Version set to 2.5.0

https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/216

Actions

Copy link

Updated by Jim Pingle about 3 years ago

Status changed from New to Pull Request Review
Target version set to CE-Next

Actions

Copy link

Updated by Viktor Gurov almost 3 years ago

Status changed from Pull Request Review to Feedback
% Done changed from 0 to 100

Applied in changeset eea0b39cf362c2da011d2bf7f9b3a5f86ce7b2da.

Actions

Copy link

Updated by Jim Pingle almost 3 years ago

Target version changed from CE-Next to 2.6.0

Actions

Copy link

Updated by Jim Pingle almost 3 years ago

Plus Target Version set to 21.05

Actions

Copy link

Updated by Jim Pingle almost 3 years ago

Already in 21.05 branch.

Actions

Copy link

Updated by Jim Pingle almost 3 years ago

Subject changed from OpenVPN Client Export - Certificate Password is not sanitized from status_output to Sanitize OpenVPN Client Export certificate password in status output

Actions

Copy link

Updated by Jim Pingle almost 3 years ago

Target version changed from 2.6.0 to 2.5.2

Actions

Copy link

#10

Updated by Jim Pingle almost 3 years ago

Status changed from Feedback to Closed
Assignee set to Viktor Gurov

Works. Password is sanitized in the output.

        <vpn_openvpn_export>
            <serverconfig>
                <item>
                    <pass>xxxxx</pass>
                    <proxypass>xxxxx</proxypass>
                    <server>3</server>
                    <useaddr>serveraddr</useaddr>
                    <useaddr_hostname></useaddr_hostname>
                    <verifyservercn>auto</verifyservercn>
                    <blockoutsidedns></blockoutsidedns>
                    <legacy></legacy>
                    <randomlocalport></randomlocalport>
                    <usepkcs11></usepkcs11>
                    <pkcs11providers></pkcs11providers>
                    <usetoken></usetoken>
                    <usepass>yes</usepass>
                    <useproxy></useproxy>
                    <useproxytype>http</useproxytype>
                    <proxyaddr></proxyaddr>
                    <proxyport></proxyport>
                    <silent></silent>
                    <useproxypass>none</useproxypass>
                    <proxyuser>xxxxx</proxyuser>
                    <advancedoptions></advancedoptions>
                </item>
            </serverconfig>
            <defaultsettings></defaultsettings>
        </vpn_openvpn_export>

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries

Bug #11767

Sanitize OpenVPN Client Export certificate password in status output

Updated by Viktor Gurov about 3 years ago

Updated by Viktor Gurov about 3 years ago

Updated by Jim Pingle about 3 years ago

Updated by Viktor Gurov almost 3 years ago

Updated by Jim Pingle almost 3 years ago

Updated by Jim Pingle almost 3 years ago

Updated by Jim Pingle almost 3 years ago

Updated by Jim Pingle almost 3 years ago

Updated by Jim Pingle almost 3 years ago

Updated by Jim Pingle almost 3 years ago