Bug #3766: Unhashed plain passwords saved by 2 packages (one a shell login package) - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #3766

closed

Unhashed plain passwords saved by 2 packages (one a shell login package)

Added by Stilez y almost 11 years ago. Updated about 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

07/19/2014

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

Affected Plus Version:

Affected Architecture:

Description

In the saved config.xml, user passwords are (?salted and) hashed, and so are PPP passwords.

But passwords for Anyterm and Ntop are stored in plain text in the XML file.

As a remote shell login package, Anyterm's password and probably also username, really should be salted+hashed, as both are part of the authentication data to be entered by the remote user during their login process.

Actions

Copy link

Updated by Kill Bill about 10 years ago

Anyterm package no longer exists. Plus really, https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

Actions

Copy link

Updated by Chris Buechler about 9 years ago

Status changed from New to Closed

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #3766

Unhashed plain passwords saved by 2 packages (one a shell login package)

Updated by Kill Bill about 10 years ago

Updated by Chris Buechler about 9 years ago