Bug #16837

open

Network UPS Tools Cleartext Authentication - enable StartTLS

Added by A A 24 days ago. Updated 16 days ago.

Status: Incomplete
Priority: Normal
Assignee: -
Category: Nut
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.8.x
Affected Plus Version: 26.03
Affected Architecture:

Description

I ran a Nessus Scan and it came up with a finding to enable StartTLS for NUT. I would please request this feature be enabled to allow for encrypted channels. This is the finding below:

Description

The remote Network UPS Tools does not support exchanging credentials through an encrypted channel. An unauthenticated, remote attacker can exploit this to perform a man-in-the-middle attack, intercept credentials, and alter the settings on the UPS that the server manages.

Solution
Enable StartTLS support on the server using the 'CERTFILE' directive.

NUT Version: 2.8.2_9


Files

2026-05-04_13-05-12.jpg (145 KB) A A, 05/20/2026 11:55 AM
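
Added example, not part of the ticket and not NUT's own code: one way to confirm the finding and later verify the fix is to send the NUT protocol's `STARTTLS` command to upsd and classify the reply. The reply strings and the default port 3493 come from the NUT network protocol rather than from this page; the function names are hypothetical and the sample reply is constructed.

```python
import socket
import sys

NUT_PORT = 3493  # assumption: upsd listens on its default port

# Replies to STARTTLS as defined by the NUT network protocol (not from the ticket).
VERDICTS = {
    "OK STARTTLS": "tls-available",
    "ERR FEATURE-NOT-CONFIGURED": "tls-not-configured",
    "ERR FEATURE-NOT-SUPPORTED": "tls-not-compiled-in",
}

ADVICE = {
    "tls-available": "STARTTLS is offered; the finding should clear on rescan.",
    "tls-not-configured": "upsd has TLS support but no certificate; set CERTFILE.",
    "tls-not-compiled-in": "this upsd build has no TLS support; CERTFILE alone will not help.",
    "unexpected-reply": "not a recognised upsd reply; check host and port.",
}

def classify_starttls_reply(raw: bytes) -> str:
    """Map the first line of upsd's reply to a verdict string."""
    first_line = raw.decode("ascii", errors="replace").split("\n", 1)[0].strip()
    return VERDICTS.get(first_line, "unexpected-reply")

def probe_upsd(host: str, port: int = NUT_PORT, timeout: float = 5.0) -> str:
    """Send STARTTLS in cleartext, read one reply line, then disconnect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"STARTTLS\n")
        buf = b""
        while b"\n" not in buf and len(buf) < 512:
            chunk = sock.recv(512)
            if not chunk:
                break
            buf += chunk
    return classify_starttls_reply(buf)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        verdict = probe_upsd(sys.argv[1])  # run against your own upsd host
    else:
        verdict = classify_starttls_reply(b"ERR FEATURE-NOT-CONFIGURED\n")  # constructed
    print(verdict, "-", ADVICE[verdict])
```

A `tls-available` verdict only shows that the server offers StartTLS; clients still send credentials in cleartext unless they are configured to use it.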