PFsense config storing plaintext passowrds world readable



  • Hello to all!

    I will cut straight to the case.
    i am using pfsense 2.4.2-RELEASE-p1 in HA solution.

    I have enabled PFsync and config synchronization as well as snort and snort config sync.

    Now what has taken my attention is that both the HA settings part and snort sync settings part are being written in /cf/conf/config.xml. This wouldnt necessarily be bad, but what makes me really worried is that the main config file is world readable. This is really terrible since both HA and snort sync setting require the remote system admin password (any user with ability to change configs is effectively admin). This leads to a world readable file containing a root account password in plain text. And since HA requires all systems to have the same password for the used admin user for the HA to work, (cant remember where exactly I read this, so it may not be true)  this means, that the whole HA cluster is compromised.

    I would like to know if I`m overreacting to this or this really has slipped by everyone and is 100% deal breaking.
    Could someone please calm me down/educate me in this regard?

    Thank you!



  • @jimp:

    Also, on 2.4.x you do not need to use admin for this. Create a new user for synchronizing and give it the "System - HA node sync" privilege. Once that user synchronizes to both nodes you can then set that user/pass as the sync user on the primary under System > High Avail Sync.


  • LAYER 8 Global Moderator

    Link to thread that heper quoted
    https://forum.pfsense.org/index.php?topic=143615.0



  • Thanks to the both of You!

    This cleared it up!

    I`m (at least a little) relieved.


  • Rebel Alliance Developer Netgate

    https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

    If you are worried about someone seeing the contents of config.xml, then they shouldn't have access to anything that can read config.xml.


Log in to reply