Details
-
Story
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
Next
-
None
-
Security Level: Default (Default Security Scheme)
-
3
-
Horizon 22 - April 13 - 27, Horizon - April 27 - May 11
Description
When opening a connection to a remote device, we should verify the host key against a known fingerprint. This fingerprint should be stored in metadata. This can be opt-in by not doing a check if no host-key is assigned.
Without host-key checking, we will send the username/password credentials to every host on which the monitor is configured. This could potentially leak the credentials..