Friday, November 30, 2018

Re: burp (re-)installs /etc/burp/clientconfdir/testclient

On 2018/11/30 08:21, Florian Obser wrote:
> /etc/burp/clientconfdir/testclient contains a well known password
> (it's similar to the combination on my luggage).
>
> So on installation I remove that file.
> An upgrade puts it back. That seems... unwise.
>
> The way I understand things anyone who can connect to the burp server
> can request a cert with that password for CN testclient and then force
> a backup run.
>
> Can we maybe not do that?
>
> Thanks,
> Florian
>
> --
> I'm not entirely sure you are real.
>

Fixed that, here's an updated tgz for 2.2 with the same changes applied.
