Just had a pen test done on our servers and they have highlighted that the following 2 files have cleartext passwords in them:
/home/virtfs/root/var/imunify360/i360deploy.sh
/var/imunify360/i360deploy.sh
------------------------------------snippet----------------------------------------
cat >/etc/yum.repos.d/imunify360.repo <<-EOF
[imunify360]
name=EL-$1 - Imunify360
baseurl=$checksite/el/$1/updates/x86_64/
username=defense360
password=[MASKED]
enabled=1
gpgcheck=1
gpgkey=$RPM_KEY
------------------------------------snippet----------------------------------------
Is there anything that we can do to rectify this or can these files now be removed?
Thanks