View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005172 | unreal | ircd | public | 2018-12-17 16:08 | 2018-12-19 13:04 |
| Reporter | Jellis | Assigned To | syzop | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.2.0 | ||||
| Target Version | 4.2.1 | Fixed in Version | 4.2.1 | ||
| Summary | 0005172: Hide remote includes auth information | ||||
| Description | When a remote include can not be accessed, the IRCd outputs a warning to all operators the file can not be read/found/accessed/... and using the cached version instead, this is great! However, when those links have a password protection (they CAN contain sensetive information like plain passwords in some cases) an oper *could* get access to passwords he/she is not entitled too because the output of the warning also gives the link username:password information wich should be masked for security reasons. -irc.sever.example- *** [warning] /home/serverexample/unrealircd/conf/unrealircd.conf:1: include: error downloading 'https://MASKED:[email protected]/irc-server-config/server.conf': Operation timed out after 15001 milliseconds with 0 out of 0 bytes received -- using cached version instead. | ||||
| Steps To Reproduce | Have a password protected include file in unrealircd.conf wich is not accessible. | ||||
| Additional Information | The MASKED:MASKED should be hidden or masked instead of showing the auth credentials. | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Thanks for the report. Will definitely look at that. |
|
|
Fixed, thanks again! It now shows as http://***:***@host/etc/etc/etc https://github.com/unrealircd/unrealircd/commit/56a964bba1c18210c4d90e5ca741d3d7b698d353 commit 56a964bba1c18210c4d90e5ca741d3d7b698d353 (HEAD -> unreal42, origin/unreal42) Author: Bram Matthys <[email protected]> Date: Wed Dec 19 13:02:36 2018 +0100 Hide remote includes auth information in error messages. Reported by Jellis in https://bugs.unrealircd.org/view.php?id=5172 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-12-17 16:08 | Jellis | New Issue | |
| 2018-12-17 17:26 | syzop | Assigned To | => syzop |
| 2018-12-17 17:26 | syzop | Status | new => confirmed |
| 2018-12-17 17:26 | syzop | Note Added: 0020409 | |
| 2018-12-17 17:26 | syzop | Target Version | => 4.2.1 |
| 2018-12-19 13:04 | syzop | Status | confirmed => resolved |
| 2018-12-19 13:04 | syzop | Resolution | open => fixed |
| 2018-12-19 13:04 | syzop | Fixed in Version | => 4.2.1 |
| 2018-12-19 13:04 | syzop | Note Added: 0020410 | |
| 2018-12-19 13:04 | syzop | Priority | high => normal |
| 2018-12-19 13:04 | syzop | Severity | tweak => minor |
