Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-12146

opennms user credentials wrongly exposed

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Fixed
    • 24.1.1
    • None
    • Security Level: Default (Default Security Scheme)
    • Horizon 22 - Feb 2 - Feb 16, Horizon 22 - Feb 16 - Mar 2
    • Reviewed

    Description

      1. quick-add node from user non-admin
      2. supply mandatory data
      3. tick 'No SNMP' checkbox
      4. leave "CLI Authentication Parameters" section blank
      5. supply some asset info (i.e. longitude/latitude from UI), when editing asset info
      username/password fields are already filled (but user's attention is directed to other)
      6. I've found username and password used to login into OpenNMS
      written in table 'assets' of database and exposed in clear text getting asset info of just
      added node using ReST interface
      This is quite dangerous

      Attachments

        Issue Links

          Activity

            People

              geraldhumphries Gerald Humphries
              caminac Carlo Caminati
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.