Page MenuHomeVyOS Platform

RADIUS shared secret is not redacted from "show configuration" op mode command
Closed, ResolvedPublicBUG

Description

When issuing a show configuration command from op-mode private information is redacted from e.g. user names or VPN private keys. The RADIUS shared-secret is not redacted - but it should.

system {
    login {
        radius-server 192.0.2.1 {
            port 1812
            secret secret123
            timeout 2
        }
        user admin {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }

            level admin
        }
    }

Details

Difficulty level
Easy (less than an hour)
Version
1.2.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
c-po closed this task as Resolved.EditedMar 8 2020, 3:10 PM

already resolved in latest rolling due to rename of the node from secret to key.

https://github.com/vyos/vyatta-op/blob/current/scripts/vyos-strip-config.pl#L135

erkin set Issue type to Bug (incorrect behavior).Aug 31 2021, 6:27 PM