You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by Matthew Smart <ms...@smartsoftwareinc.com> on 2016/08/11 12:14:49 UTC

VPN User/Pass printed in plain text during boot of VRouter

Sorry. My subject line was incorrect.

Hey guys,

I am new to Cloudstack and Apache (from a dev perspective) so forgive me 
if this is not the proper place for this... and let me know where I 
should be reporting issues like this.

I am getting Remote Access VPN configured in my test environment and in 
my debugging I noticed that if you view the VRouter's console while it 
is booting it prints out the vpn usernames and passwords in plaintext.

I am sure some debug statements just got left in by accident.

I am running Cloudstack 4.8.0 and using SystemVM Template version 4.6 
for KVM.

Thanks,

Matthew Smart
President
Smart Software Solutions Inc.
108 S Pierre St.
Pierre, SD 57501

Phone: (605) 280-0383
Skype: msmart13
Email: msmart@smartsoftwareinc.com

Re: VPN User/Pass printed in plain text during boot of VRouter

Posted by John Burwell <jo...@shapeblue.com>.

Matthew,

Thank you for the report.  I have forwarded this report to security@ for further investigation.

Thanks,
-John

> 
john.burwell@shapeblue.com 
www.shapeblue.com
53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
@shapeblue
  
 

On Aug 11, 2016, at 8:14 AM, Matthew Smart <ms...@smartsoftwareinc.com> wrote:
> 
> Sorry. My subject line was incorrect.
> 
> Hey guys,
> 
> I am new to Cloudstack and Apache (from a dev perspective) so forgive me if this is not the proper place for this... and let me know where I should be reporting issues like this.
> 
> I am getting Remote Access VPN configured in my test environment and in my debugging I noticed that if you view the VRouter's console while it is booting it prints out the vpn usernames and passwords in plaintext.
> 
> I am sure some debug statements just got left in by accident.
> 
> I am running Cloudstack 4.8.0 and using SystemVM Template version 4.6 for KVM.
> 
> Thanks,
> 
> Matthew Smart
> President
> Smart Software Solutions Inc.
> 108 S Pierre St.
> Pierre, SD 57501
> 
> Phone: (605) 280-0383
> Skype: msmart13
> Email: msmart@smartsoftwareinc.com
> 
>