secret exposed in debug mode #1267

Closed
alanbuxey opened this Issue Sep 24, 2015 · 1 comment

Projects

None yet

2 participants

@alanbuxey
Member

usually, shared secrets are <<<secret>>> when running in the basic -X debug mode.

however, if an entry in proxy.conf is using

authhost = 
accthost =

method, then the shared_secret gets exposed!

realm donkey.com {
        authhost        = 192.168.200.10
        secret  = your_shared_secret
        status_check = status-server
        nostrip
}

debug:

 realm donkey.com {
    nostrip
    authhost = 192.168.200.10
    secret = your_shared_secret
 }

but:

realm donkey.com {
        type = auth
        ipaddr  = 192.168.200.10
        secret  = your_shared_secret
        status_check = status-server
        nostrip
}

debug:

 realm donkey.com {
    nostrip
 }

hmmm....why doesnt it print the method, ipaddr etc?

@alandekok
Member

hmmm....why doesnt it print the method, ipaddr etc?

Because they're not allowed in a "realm" section. See the docs and examples.

There is no status_check or ipaddr or type in a realm section.

@alandekok alandekok closed this in 9515c8f Sep 24, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment