[rancid] No Password required to read Configs.
Nicky Brown
nickyicebrown at gmail.com
Thu Apr 8 16:07:21 UTC 2010
Hi All,
We have a Rancid installation on an internal IP. Everything is pretty much
default and only our Cisco devices are managed through Rancid. I just
noticed a truck sized hole in my config however.
If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ on your browser, you
can access the config files for all our devices without a password.
I have limited the IPs which can reach port 80 but that is far from enough.
What must I change to protect this data? Is there a howto? Did I miss a
section of the installation manual?
Nicky.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20100408/803b21d8/attachment.html
More information about the Rancid-discuss
mailing list