Holger, thank you for raising this concern. I am discussing it with our product management group. Also thank you for posting your workaround.
Mark Singh Technical Support Team Manager Ipswitch, Inc. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Beck, Holger Sent: Thursday, December 15, 2005 4:03 AM To: [email protected] Subject: [WhatsUp Forum] WUP 2006 Security problem with MAC Address search Hello, after upgrading to WUP 2006 I noticed a problem with WUPs tools to locate a MAC address which for me is a critical security issue: WUP offers to all users (even a guest account) a drop dwon list with all SNMP credential configured in WUP. I don't, that it should be common practice to reveal passwords in web interfaces to the public. I would prefer a simple input box instead of this drop down list. And I need an option to restrict access to the tools to special users in WUP. As a quick and dirty workaround I just manipulated NetworkToolsManager.asp and removed this drop down list (without any replacement - so this feature can't work anymore). Regards Holger Beck e-Mail: [EMAIL PROTECTED] http://www.gwdg.de/~hbeck Phone: +49 551 201 1554 ________________________________________________________________GWDG Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH Goettingen Am Fassberg Postfach 2841 Phone: +49 551 2 01 15 10 D-37077 Goettingen D-37018 Goettingen Fax: +49 551 2 01 21 50 Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
