[ZBX-24144] snmp private community gets saved in clear text in database Created: 2024 Feb 24 Updated: 2024 Mar 06 Resolved: 2024 Mar 06 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | None |
| Affects Version/s: | 6.4.11 |
| Fix Version/s: | None |
| Type: | Defect (Security) | Priority: | Trivial |
| Reporter: | Matthew Perry | Assignee: | Aigars Kadikis |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | database | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Steps to reproduce:
Result: community is displayed in webinterface the same as in database Expected: either a placeholder should be used in webinterface configuration or the database should handle the private community string as password. What it is in reality! Save it with SHA256-srcam or something |
| Comments |
| Comment by Arkadiusz Zyla [ 2024 Feb 26 ] |
|
Dear mamema , Thank you for contacting Zabbix support. We have had a look into the issue which you have reported and we concluded that this behaviour is by design and is working as expected. However Zabbix can be configured to store sensitive user macro values and database access credentials in external vaults which resolves the issue pinpointed in the description. For more information on external vaults in Zabbix please refer to official Zabbix documentation:
Regards, Arkadiusz |
| Comment by Arkadiusz Zyla [ 2024 Mar 06 ] |
|
Hello Matthew, Thank you for your input and for caring about the security of the product. Regards, |