[rancid] No Password required to read Configs.
nickyicebrown at gmail.com
Thu Apr 8 16:07:21 UTC 2010
We have a Rancid installation on an internal IP. Everything is pretty much
default and only our Cisco devices are managed through Rancid. I just
noticed a truck-sized hole in my config, however.
If you enter http://192.168.32.2/cgi-bin/cvsweb.cgi/ in your browser, you
can access the config files for all our devices without a password.
I have limited the IPs which can reach port 80 but that is far from enough.
What must I change to protect this data? Is there a howto? Did I miss a
section of the installation manual?