Bug #16837
Network UPS Tools Cleartext Authentication - enable StartTLS
Status: New
Priority: Normal
Assignee: -
Category: Nut
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.8.x
Affected Plus Version: 26.03
Affected Architecture:
Description
I ran a Nessus scan and it came up with a finding to enable StartTLS for NUT. I would like to request that this feature be enabled to allow for encrypted channels. This is the finding below:
Description
The remote Network UPS Tools does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept credentials, and alter the settings on the UPS that the server manages.
Solution
Enable StartTLS support on the server using the 'CERTFILE' directive.
NUT Version: 2.8.2_9
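To confirm the finding, and later to verify that setting 'CERTFILE' actually took effect, the server's answer to the NUT protocol's `STARTTLS` command can be checked directly. The script below is an added example, not part of the original report and not code from the NUT project; the reply strings are those documented for the NUT network protocol, while the state labels and function names are made up for this example.

```python
import socket
import sys

NUT_PORT = 3493  # default upsd listening port

# Constructed labels (not NUT terms) for the documented answers to STARTTLS.
REPLIES = {
    "OK STARTTLS": "starttls-offered",                      # TLS handshake may follow
    "ERR FEATURE-NOT-CONFIGURED": "ssl-built-but-not-configured",  # no certificate set
    "ERR FEATURE-NOT-SUPPORTED": "ssl-not-built-in",        # upsd lacks SSL support
}


def classify_starttls_reply(reply: str) -> str:
    """Map upsd's one-line answer to STARTTLS onto a finding state."""
    line = reply.strip()
    for prefix, state in REPLIES.items():
        if line.startswith(prefix):
            return state
    return "unexpected-reply"


def starttls_exchange(sock: socket.socket) -> str:
    """Send STARTTLS on a connected socket and classify the first reply line."""
    sock.sendall(b"STARTTLS\n")
    buf = b""
    while b"\n" not in buf and len(buf) < 512:  # bounded read of one line
        chunk = sock.recv(512)
        if not chunk:  # peer closed without answering
            break
        buf += chunk
    first_line = buf.split(b"\n", 1)[0].decode("ascii", "replace")
    return classify_starttls_reply(first_line)


def probe_starttls(host: str, port: int = NUT_PORT, timeout: float = 5.0) -> str:
    """Connect to upsd, ask for STARTTLS, then disconnect without logging in."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return starttls_exchange(sock)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_starttls(host)
    print(f"{host}:{NUT_PORT} -> {state}")
    sys.exit(0 if state == "starttls-offered" else 1)
```

An exit status of 0 means the server offers StartTLS; any other state means credentials sent to that upsd instance would still travel in cleartext.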