Project

General

Profile

Actions

Bug #12810

closed

Sanitize SHA-512 user password hashes in ``status.php`` output

Added by Viktor Gurov about 2 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Backup / Restore
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

config-sanitized.xml sample:

<codeclass='xml'>
        <user>
            <scope>user</scope>
            <sha512-hash>$6$28af93d5de170726$Gfo0na/bvs3pheMnTnW97UybrRiHKWvAsUnWPiNW4u3baG1bGKJvW5GFRM.NDXdc1tS4DKZvJNRameBz7HwZc1</sha512-hash>
            <descr></descr>
            <name>testuser</name>
            <expires></expires>
            <dashboardcolumns>2</dashboardcolumns>
            <authorizedkeys>xxxxx</authorizedkeys>
            <ipsecpsk>xxxxx</ipsecpsk>
            <webguicss>pfSense.css</webguicss>
            <uid>2001</uid>
        </user>

Actions #2

Updated by Jim Pingle about 2 years ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions #3

Updated by Viktor Gurov about 2 years ago

  • Status changed from Pull Request Review to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Danilo Zrenjanin about 2 years ago

  • Status changed from Feedback to Resolved

Tested:

2.7.0-DEVELOPMENT (amd64)
built on Fri Feb 18 06:13:57 UTC 2022
FreeBSD 12.3-STABLE

Looks good.

<user>
<name>admin</name>
<descr><![CDATA[System Administrator]]></descr>
<scope>system</scope>
<groupname>admins</groupname>
<sha512-hash>xxxxx</sha512-hash>
<uid>0</uid>
<priv>user-shell-access</priv>
</user>
Actions #5

Updated by Jim Pingle almost 2 years ago

  • Subject changed from status.php does not sanitize users sha512 hashed passwords to Sanitize SHA-512 user password hashes in ``status.php`` output

Updating subject for release notes.

Actions #6

Updated by Jim Pingle about 1 year ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF