Hi,
Is there a timeline for a potential patch for this? https://www.exploit-db.com/exploits/49527
I see that your company is aware of the issue and is working on a patch.
Thanks again.
2.17.0 vulnerability
Re: 2.17.0 vulnerability
Hi,
there is no timeline at the moment.
The admin credentials have been stored as plain text since the first release of SFS2X. The best way to secure such credentials is to use the permission system in your OS. In other words, you should make sure that the config files are accessible only to people with specific permissions in the system (e.g. root, admin, etc.).
Using encryption for SFS2X config files would introduce many different issues. The most prominent is that if the server fails to start up due to errors in config files you will be locked out of the server and unable to fix the issue, since those files are illegible.
Hope it helps
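The permission-based approach recommended in the reply above can be checked mechanically. This is an added example, not part of the thread and not SFS2X tooling: POSIX shell functions that list config entries accessible to anyone other than the owner, list entries not owned by the service account, and tighten the tree. `CONFIG_DIR` and `SERVICE_USER` are placeholders for your own install path and the account the server runs as.

```shell
# Added example (not from the thread). CONFIG_DIR and SERVICE_USER in the
# usage comment are placeholders for your own install and service account.

# List entries under $1 that grant any access to group or others.
# Returns 0 if the tree is clean, 1 if findings were printed, 2 on bad input.
audit_config_perms() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    acp_found=$(find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$acp_found" ] && return 0
    printf '%s\n' "$acp_found"
    return 1
}

# List entries under $1 not owned by account $2 (name or numeric uid).
# Same return codes as audit_config_perms.
audit_config_owner() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    aco_found=$(find "$1" ! -user "$2" -print)
    [ -z "$aco_found" ] && return 0
    printf '%s\n' "$aco_found"
    return 1
}

# Restrict the tree to its owner: directories 700, regular files 600.
harden_config_perms() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# Usage (placeholders):
#   audit_config_perms "$CONFIG_DIR" || harden_config_perms "$CONFIG_DIR"
#   audit_config_owner "$CONFIG_DIR" "$SERVICE_USER"
```

Run the audit from a scheduled job or deployment check so that a later change which loosens the modes is noticed.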