Hi list, Here is my problem ... I see all password in clear text on my server.
In PF configuration : /usr/local/pf/conf/pf.conf We can find the password of the MySQL database (ie pass=p@ck3tf3nc3). I connect to the DB with this password. Now i can see all the tables used in PF. And i can see all user passwords in table 'temporary_password'. Next i try to change the admin password in the DB and it works ! This is a security issue ? How to remedy this problem and replace passwords by hashes ? Here commands i used (non root) : grep -E '(pass(word)?=).*' -nR --color /usr/local/pf/conf/ mysql -u pf -pp@ck3tf3nc3 pf SHOW TABLES; SELECT * from temporary_password; UPDATE temporary_password SET password='123456' WHERE pid='admin'; and connect to the admin web interface. Thx for your reply :) Regards Olive ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
