PFsense config storing plaintext passowrds world readable
Hello to all!
I will cut straight to the case.
i am using pfsense 2.4.2-RELEASE-p1 in HA solution.
I have enabled PFsync and config synchronization as well as snort and snort config sync.
Now what has taken my attention is that both the HA settings part and snort sync settings part are being written in /cf/conf/config.xml. This wouldn
t necessarily be bad, but what makes me really worried is that the main config file is world readable. This is really terrible since both HA and snort sync setting require the remote system admin password (any user with ability to change configs is effectively admin). This leads to a world readable file containing a root account password in plain text. And since HA requires all systems to have the same password for the used admin user for the HA to work, (cant remember where exactly I read this, so it may not be true) this means, that the whole HA cluster is compromised.
I would like to know if I`m overreacting to this or this really has slipped by everyone and is 100% deal breaking.
Could someone please calm me down/educate me in this regard?
Also, on 2.4.x you do not need to use admin for this. Create a new user for synchronizing and give it the "System - HA node sync" privilege. Once that user synchronizes to both nodes you can then set that user/pass as the sync user on the primary under System > High Avail Sync.
Link to thread that heper quoted
Thanks to the both of You!
This cleared it up!
I`m (at least a little) relieved.
If you are worried about someone seeing the contents of config.xml, then they shouldn't have access to anything that can read config.xml.