AD login password is stored in clear txt in the config.xml file
-
Version
2.1.2-RELEASE (amd64)
built on Thu Apr 10 05:42:13 EDT 2014
FreeBSD 8.3-RELEASE-p15Notice issue when configuring mailscanner pkg. I configured PFSense to authenticate with AD how ever I notice the password is being saved in config.xml file. The two location are as follows:
1)```
mailscanner
<antispam_location><postfixrecipients><config><freq><enable_ldap><row><dc><cn><username>xxxxx</username>
<password[b]>xxxxx[/b]</password[b]></cn></dc></row></enable_ldap></freq></config></postfixrecipients></antispam_location>2)``` <postgresqlhost><postgresqldatabase><postgresqlusername>XXXXX</postgresqlusername> <postgresqlpassword>XXXXX</postgresqlpassword></postgresqldatabase></postgresqlhost>
Please advise
-
https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml