Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-6403

Security Information disclosed in Service detail screen

    XMLWordPrintable

    Details

      Description

      Creating issue on behalf of a support customer, see https://mynms.opennms.com/Ticket/Display.html?id=2778. Restricting visibility until fixed. Body of ticket follows.

      We have a Page Sequence Monitor that is using user id and password information and this information is shown to our NOC members on the following page, opennms/element/service.jsp Attached is screen shot of what I am describing (security details masked out).

      Ideally, it would be good to have all the page sequence info except for this
      information shown in the service details. This is an especially bad scenario if you had Anonymous access enabled for the site. For now, we have to restrict who can have access to openNMS. This user restriction is the only reason I have marked this as minor since there are concievably work-arounds but other customers can reasonably argue this is more serious.

        Attachments

          Activity

            People

            Assignee:
            agalue Alejandro Galue
            Reporter:
            jeffg Jeff Gehlbach
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: