[rancid] No Password required to read Configs.

Nicky Brown nickyicebrown at gmail.com
Thu Apr 8 16:07:21 UTC 2010

Hi All,

We have a Rancid installation on an internal IP.  Everything is pretty much
default and only our Cisco devices are managed through Rancid.  I just
noticed a truck sized hole in my config however.

If you enter   on your browser, you
can access the config files for all our devices without a password.

I have limited the IPs which can reach port 80 but that is far from enough.
What must I change to protect this data?  Is there a howto?  Did I miss a
section of the installation manual?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/803b21d8/attachment.html 

More information about the Rancid-discuss mailing list