Project

General

Profile

Actions

Bug #12199

closed

ipsec pre-shared keys are stored in cleartext

Added by Stefan Bauer over 3 years ago. Updated 2 months ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

If one adds a pre-shared key via VPN -> IPSec -> Pre-Shared Keys, these keys are visible and stored in cleartext.
Please store this sensitive informations encrypted like when adding a user password.

Actions #2

Updated by Alex Kolesnik 2 months ago

Hi Jim. Is there a chance to hide passwords from the Pre-shared keys page (/vpn_ipsec_keys.php)? I'd suggest to add controls to show/ide an individual password or all passwords at once. I believe that would improve the security posture even when we all know that the passwords can be retrieved. At least they would be hidden from an unintentional disclosure.

Actions

Also available in: Atom PDF