i360deploy.sh with cleartext password
Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Leigh
  2. 10.03.2020
  3.  Subscribe via email
Just had a pen test done on our servers and they have highlighted the following 2 files have cleartext passwords in them:

/home/virtfs/root/var/imunify360/i360deploy.sh
/var/imunify360/i360deploy.sh

------------------------------------snippet----------------------------------------
cat >/etc/yum.repos.d/imunify360.repo <<-EOF
[imunify360]
name=EL-$1 - Imunify360
baseurl=$checksite/el/$1/updates/x86_64/
username=defense360
password=[MASKED]
enabled=1
gpgcheck=1
gpgkey=$RPM_KEY
------------------------------------snippet----------------------------------------

Is there anything that we can do to recitfy this or can these files now be removed?

Thanks
Rate this post:
  1. 10.03.2020 18:03:58
  2. # 1
Sergey Khristich Accepted Answer
Posts: 338
Joined: 20.05.2019
0
Votes
Undo
Hello Leigh,
We are working on this issue. Get back to you later with a response.
Thanks!
Marketing Manager
  1. 10.03.2020 18:03:29
  2. # 2
Igor Seletskiy Accepted Answer
Posts: 1201
Joined: 09.02.2010
0
Votes
Undo
Don't worry about that password. It is not really a password. Repository is specifically encoded with same username / same password for most people.
It is not meant to protect / secure anything.
  1. 12.03.2020 11:03:34
  2. # 3
Leigh Accepted Answer
Posts: 2
Joined: 08.11.2018
0
Votes
Undo
Great, thanks for your help with this.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.