AD login password is stored in clear txt in the config.xml file



  • Version

    2.1.2-RELEASE (amd64)
    built on Thu Apr 10 05:42:13 EDT 2014
    FreeBSD 8.3-RELEASE-p15

    Notice issue when configuring mailscanner pkg.  I configured PFSense to authenticate with AD how ever I notice the password is being saved in config.xml file.  The two location are as follows:

    1)```
    mailscanner
    <antispam_location><postfixrecipients><config><freq><enable_ldap><row><dc><cn><username>xxxxx</username>
    <password[b]>xxxxx[/b]</password[b]></cn></dc></row></enable_ldap></freq></config></postfixrecipients></antispam_location>

    
    2)```
     <postgresqlhost><postgresqldatabase><postgresqlusername>XXXXX</postgresqlusername>
    				<postgresqlpassword>XXXXX</postgresqlpassword></postgresqldatabase></postgresqlhost> 
    

    Please advise