Bug #7563
closed
PassiveDNS REST API token displayed to user on connection error
Start date: 03/01/2022
% Done: 100%
Description
The complete URL is displayed to the user on a communication error with an external service. In the case of the PassiveDNS connection, the URL contains the access token, which should be kept secret. The current token was already disclosed and must be regenerated, but this also has to be fixed.
Related issues
Updated by Radko Krkoš almost 3 years ago
- Related to Support #7564: Renew the PassiveDNS REST API token added
Updated by Radko Krkoš almost 3 years ago
The reported problem was detected here:
https://mentat-hub.cesnet.cz/mentat/pdnsr/search
Other points of communication between pDNS and Mentat were not analysed and might also be vulnerable.
Updated by Rajmund Hruška almost 3 years ago
- Assignee set to Rajmund Hruška
- Target version changed from Backlog to 2.9
Updated by Rajmund Hruška almost 3 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
I fixed the error message in e626dcfa. I checked the other places where pdns is used and there shouldn't be any problems. I also looked at NERD to check if a similar problem exists there, but it seems to be fine there.
Updated by Rajmund Hruška almost 3 years ago
- Status changed from Resolved to In Review
- To be discussed deleted (Yes)
Merged into devel.
Updated by Pavel Kácha almost 3 years ago
- Status changed from In Review to Closed
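The class of bug reported in this issue, shown as an added example (not Mentat's code and not the change made in e626dcfa): a client wrapper whose user-facing error carries only a redacted URL. It assumes the token travels as a query parameter; the parameter names, `redact_url`, `query_service`, `ServiceError` and the sample URL are hypothetical.

```python
import urllib.error
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: query parameter names that may carry a secret.
SENSITIVE_PARAMS = {"token", "apikey", "api_key", "access_token"}


def redact_url(url):
    """Return url without userinfo or fragment and with secret values masked."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.port:
        host = f"{host}:{parts.port}"
    query = urlencode([(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
                       for k, v in parse_qsl(parts.query, keep_blank_values=True)])
    return urlunsplit((parts.scheme, host, parts.path, query, ""))


class ServiceError(Exception):
    """Error whose message is safe to render to the user."""


def query_service(url, opener=urllib.request.urlopen):
    """Fetch url; on failure raise an error that never carries the secret."""
    try:
        with opener(url, timeout=5) as resp:
            return resp.read()
    except (urllib.error.URLError, OSError) as exc:
        # Only the exception type and the redacted URL reach the message;
        # str(exc) is left out because client libraries may embed the full URL.
        msg = f"Cannot reach {redact_url(url)} ({type(exc).__name__})"
        raise ServiceError(msg) from None


# Constructed sample URL and token value, not taken from the issue.
SAMPLE_URL = "https://pdns.example.org/api/v1/ip/192.0.2.1?token=s3cr3t-constructed&limit=10"


def failing_opener(url, timeout=None):
    # Stand-in for a network failure so the example runs offline.
    raise urllib.error.URLError(f"connection refused for {url}")


def demo():
    try:
        query_service(SAMPLE_URL, opener=failing_opener)
    except ServiceError as err:
        return str(err)
```

Redaction limits what the user sees; a token that has already appeared in an error page still has to be regenerated, as the related Support #7564 does.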