Hi list,

Here is my problem ... I see all passwords in clear text on my server.

In the PF configuration (/usr/local/pf/conf/pf.conf)
we can find the password of the MySQL database (i.e. pass=p@ck3tf3nc3).

I connect to the DB with this password.

Now I can see all the tables used in PF, and I can see all user passwords
in the table 'temporary_password'.
Next I tried to change the admin password in the DB, and it works!

Is this a security issue? How can I remedy this problem and replace the passwords
with hashes?


Here are the commands I used (non-root):

grep -E '(pass(word)?=).*' -nR --color /usr/local/pf/conf/

mysql -u pf -pp@ck3tf3nc3 pf

SHOW TABLES;

SELECT * from temporary_password;

UPDATE temporary_password SET password='123456' WHERE pid='admin';

and connect to the admin web interface.



Thanks for your reply :)


Regards
Olive


PS: Sorry for my bad English...
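
An added example, not part of the original message and not PacketFence code: an audit for the exposure the message starts from, configuration files that hold a pass=/password= line and are readable by every local account. The function names are hypothetical, and "world-readable" is an assumed criterion; the message does not say how the non-root account got read access.

```shell
#!/bin/sh
# Added example: report configuration files that contain a pass=/password=
# assignment AND have the "other" read bit set, i.e. any local account can
# read the credential. The pattern is the one used in the grep above.

# list_exposed_secrets DIR
#   Prints one path per line; prints nothing when no file is exposed.
list_exposed_secrets() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -004 : "other" read bit is set. This tests mode bits, not actual
    #              access, so the result is the same when run as root.
    # grep -l    : print only the names of files with at least one match.
    find "$dir" -type f -perm -004 \
        -exec grep -lE '(pass(word)?=)' {} + 2>/dev/null | sort
    return 0
}

# count_exposed_secrets DIR
#   Prints the number of exposed files, e.g. for a monitoring check.
count_exposed_secrets() {
    list_exposed_secrets "$1" | grep -c . || true
}

# Stand-alone use: sh audit.sh /usr/local/pf/conf
if [ "$#" -gt 0 ]; then
    list_exposed_secrets "$1"
fi
```

A file that does not show up here can still be readable through owner or group membership, so an empty result only rules out the world-readable case.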