Actions
Bug #12810
closed
Sanitize SHA-512 user password hashes in ``status.php`` output
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:
Description
config-sanitized.xml sample:
<codeclass='xml'>
<user>
<scope>user</scope>
<sha512-hash>$6$28af93d5de170726$Gfo0na/bvs3pheMnTnW97UybrRiHKWvAsUnWPiNW4u3baG1bGKJvW5GFRM.NDXdc1tS4DKZvJNRameBz7HwZc1</sha512-hash>
<descr></descr>
<name>testuser</name>
<expires></expires>
<dashboardcolumns>2</dashboardcolumns>
<authorizedkeys>xxxxx</authorizedkeys>
<ipsecpsk>xxxxx</ipsecpsk>
<webguicss>pfSense.css</webguicss>
<uid>2001</uid>
</user>
Updated by Viktor Gurov almost 3 years ago
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Target version set to 2.7.0
- Plus Target Version set to 22.05
Updated by Viktor Gurov almost 3 years ago
- Status changed from Pull Request Review to Feedback
- % Done changed from 0 to 100
Applied in changeset c7dd367324cf1cdc5fe518482515f0605471c702.
Updated by Danilo Zrenjanin almost 3 years ago
- Status changed from Feedback to Resolved
Tested:
2.7.0-DEVELOPMENT (amd64) built on Fri Feb 18 06:13:57 UTC 2022 FreeBSD 12.3-STABLE
Looks good.
<user> <name>admin</name> <descr><![CDATA[System Administrator]]></descr> <scope>system</scope> <groupname>admins</groupname> <sha512-hash>xxxxx</sha512-hash> <uid>0</uid> <priv>user-shell-access</priv> </user>
Updated by Jim Pingle over 2 years ago
- Subject changed from status.php does not sanitize users sha512 hashed passwords to Sanitize SHA-512 user password hashes in ``status.php`` output
Updating subject for release notes.
Actions