Bug #11769

closed

Sanitize Captive Portal RADIUS MAC secret in status output

Added by Viktor Gurov over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Assignee: Viktor Gurov
Category: Diagnostics
Target version:
Start date: 04/01/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.05
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

RADIUS MAC Secret (`<radmac_secret>`) is not sanitized:

...
 <captiveportal>
        <cpzone1>
            <zone>CPZONE1</zone>
            <descr></descr>
            <localauth_priv></localauth_priv>
            <zoneid>2</zoneid>
            <interface>lan</interface>
            <maxproc></maxproc>
            <timeout></timeout>
            <idletimeout></idletimeout>
            <trafficquota></trafficquota>
            <freelogins_count></freelogins_count>
            <freelogins_resettimeout></freelogins_resettimeout>
            <enable></enable>
            <auth_method>radmac</auth_method>
            <auth_server>radius - LocalRADIUS</auth_server>
            <auth_server2></auth_server2>
            <radacct_server>LocalRADIUS</radacct_server>
            <radacct_enable></radacct_enable>
            <reauthenticate></reauthenticate>
            <radmac_secret>password123</radmac_secret>
            <reauthenticateacct>stopstartfreeradius</reauthenticateacct>
            <httpsname></httpsname>
            <preauthurl></preauthurl>
            <blockedmacsurl></blockedmacsurl>

Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next

Actions #3

Updated by Jim Pingle over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Target version changed from CE-Next to 2.6.0

PR was merged yesterday.

Actions #4

Updated by Jim Pingle over 3 years ago

  • Plus Target Version set to 21.05

Actions #5

Updated by Jim Pingle over 3 years ago

Already in 21.05 branch.

Actions #6

Updated by Jim Pingle over 3 years ago

  • Subject changed from Captive Portal RADIUS MAC Secret is not sanitized to Sanitize Captive Portal RADIUS MAC secret in status output

Updating subject for release notes.

Actions #7

Updated by Max Leighton over 3 years ago

  • Status changed from Feedback to Resolved

Tested in

2.6.0-DEVELOPMENT (amd64)
built on Sat May 22 01:04:36 EDT 2021
FreeBSD 12.2-STABLE

radmac_secret is now sanitized in the status_output. Marking the ticket resolved.
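
A regression check for this class of leak, as an added example (not pfSense code and not part of the ticket): it redacts secret-named elements in a config excerpt and then audits the result for any that still hold a value. The tag-name patterns, the `xxxxx` marker and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the excerpt in this ticket; left truncated
# (no closing tags) the way config text pasted into a report often is.
SAMPLE = """\
<captiveportal>
    <cpzone1>
        <zone>CPZONE1</zone>
        <auth_method>radmac</auth_method>
        <radmac_secret>password123</radmac_secret>
        <httpsname></httpsname>
"""

# Assumption: name fragments that mark credential-bearing elements.
# This is not pfSense's own list.
SECRET_NAME = re.compile(r"secret|passw(or)?d|passphrase|pre-shared-key", re.I)
# Simple <tag>value</tag> on one line with a plain-text value (no CDATA).
ELEMENT = re.compile(r"<(?P<tag>[A-Za-z_][\w.-]*)>(?P<val>[^<]*)</(?P=tag)>")
MARK = "xxxxx"  # assumed redaction marker


def sanitize(text):
    """Replace non-empty values of secret-named elements with MARK.

    Regex based rather than an XML parser, so it also works on
    truncated, non-well-formed excerpts.
    """
    def repl(m):
        if m["val"] and SECRET_NAME.search(m["tag"]):
            return f"<{m['tag']}>{MARK}</{m['tag']}>"
        return m[0]
    return ELEMENT.sub(repl, text)


def audit(text):
    """Return (line_no, tag) for each secret-named element still holding a value."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in ELEMENT.finditer(line):
            if SECRET_NAME.search(m["tag"]) and m["val"] not in ("", MARK):
                hits.append((n, m["tag"]))
    return hits


if __name__ == "__main__":
    print("before:", audit(SAMPLE))
    print("after: ", audit(sanitize(SAMPLE)))
```

Running `audit()` over generated diagnostic output in a test suite catches a newly added secret field whose name matches the patterns but which the sanitizer does not yet cover.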

Actions #8

Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.6.0 to 2.5.2

Actions #9

Updated by Renato Botelho over 3 years ago

  • Assignee set to Viktor Gurov