cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Burwell <john.burw...@shapeblue.com>
Subject Re: VPN User/Pass printed in plain text during boot of VRouter
Date Thu, 11 Aug 2016 15:28:13 GMT
Matthew,

Thank you for the report.  I have forwarded this report to security@ for further investigation.

Thanks,
-John

> 
john.burwell@shapeblue.comĀ 
www.shapeblue.com
53 Chandos Place, Covent Garden, London VA WC2N 4HSUK
@shapeblue
  
 

On Aug 11, 2016, at 8:14 AM, Matthew Smart <msmart@smartsoftwareinc.com> wrote:
> 
> Sorry. My subject line was incorrect.
> 
> Hey guys,
> 
> I am new to Cloudstack and Apache (from a dev perspective) so forgive me if this is not
the proper place for this... and let me know where I should be reporting issues like this.
> 
> I am getting Remote Access VPN configured in my test environment and in my debugging
I noticed that if you view the VRouter's console while it is booting it prints out the vpn
usernames and passwords in plaintext.
> 
> I am sure some debug statements just got left in by accident.
> 
> I am running Cloudstack 4.8.0 and using SystemVM Template version 4.6 for KVM.
> 
> Thanks,
> 
> Matthew Smart
> President
> Smart Software Solutions Inc.
> 108 S Pierre St.
> Pierre, SD 57501
> 
> Phone: (605) 280-0383
> Skype: msmart13
> Email: msmart@smartsoftwareinc.com
> 
> 

Mime
View raw message