Actions
Bug #12199
closedipsec pre-shared keys are stored in cleartext
Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
Description
If one adds a pre-shared key via VPN -> IPSec -> Pre-Shared Keys, these keys are visible and stored in cleartext.
Please store this sensitive informations encrypted like when adding a user password.
Updated by Jim Pingle over 3 years ago
- Status changed from New to Not a Bug
Updated by Alex Kolesnik 2 months ago
Hi Jim. Is there a chance to hide passwords from the Pre-shared keys page (/vpn_ipsec_keys.php)? I'd suggest to add controls to show/ide an individual password or all passwords at once. I believe that would improve the security posture even when we all know that the passwords can be retrieved. At least they would be hidden from an unintentional disclosure.
Actions