Page MenuHomeVyOS Platform

RADIUS shared secret is not redacted from "show configuration" op mode command
Closed, ResolvedPublicBUG

Description

When issuing a show configuration command from op-mode private information is redacted from e.g. user names or VPN private keys. The RADIUS shared-secret is not redacted - but it should.

system {
    login {
        radius-server 192.0.2.1 {
            port 1812
            secret secret123
            timeout 2
        }
        user admin {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }

            level admin
        }
    }

Details

Difficulty level
Easy (less than an hour)
Version
1.2.3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po created this task.Oct 22 2019, 11:03 PM
pasik added a subscriber: pasik.Oct 27 2019, 5:41 PM
syncer triaged this task as Low priority.Nov 16 2019, 10:56 PM
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux.
c-po closed this task as Resolved.EditedMar 8 2020, 3:10 PM

already resolved in latest rolling due to rename of the node from secret to key.

https://github.com/vyos/vyatta-op/blob/current/scripts/vyos-strip-config.pl#L135

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Mar 22 2020, 8:52 AM