/etc/burp/clientconfdir/testclient contains a well-known password
(it's similar to the combination on my luggage).
So on installation I remove that file.
An upgrade puts it back. That seems... unwise.
The way I understand things, anyone who can connect to the burp server
can request a cert with that password for CN testclient and then force
a backup run.
Can we maybe not do that?
Thanks,
Florian
--
I'm not entirely sure you are real.