Skip navigation

BAO Adapter credentials security threats

score 115
You have not voted. Delivered

There are multiple security threats for adapter credentials which user configured in BAO.

1. Admin user can go to Adapter configuration and switch to XML and see password

2. Bladelogic adapter uses password for blcred commands to keep BSA NSH session live. Logs have clear plain password.

 

These are very serious security threats as anyone can see BLAdmins password which is configured.

These passwords should be encrypted some way when user switch to XML view / internally in the logs while performing operations

 

Thanks,

Bala Dengale

Comments

Vote history