Announcement

Collapse
No announcement yet.

i360deploy.sh with cleartext password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • i360deploy.sh with cleartext password

    Just had a pen test done on our servers and they have highlighted the following 2 files have cleartext passwords in them:

    /home/virtfs/root/var/imunify360/i360deploy.sh
    /var/imunify360/i360deploy.sh

    ------------------------------------snippet----------------------------------------
    cat >/etc/yum.repos.d/imunify360.repo <<-EOF
    [imunify360]
    name=EL-$1 - Imunify360
    baseurl=$checksite/el/$1/updates/x86_64/
    username=defense360
    password=[MASKED]
    enabled=1
    gpgcheck=1
    gpgkey=$RPM_KEY
    ------------------------------------snippet----------------------------------------

    Is there anything that we can do to recitfy this or can these files now be removed?

    Thanks

  • #2
    Hello Leigh,
    We are working on this issue. Get back to you later with a response.
    Thanks!

    Comment


    • #3
      Dont worry about that password. It is not really a password. Repository is specifically encoded with same username / same password for most people.
      It is not meant to protect / secure anything.

      Comment


      • #4
        Great, thanks for your help with this.

        Comment

        Working...
        X