irrd version 4.2.6 exposes password/MD5-PW on email notifications
Closed this issue · 0 comments
troy2914 commented
RIPE server shows:
OBJECT BELOW MODIFIED:
@@ -14,3 +14,3 @@
created: 2009-12-08T19:26:41Z
-last-modified: 2022-08-02T14:00:35Z
+last-modified: 2023-01-05T18:36:50Z
source: RIPE # Filtered
THIS IS THE NEW VERSION OF THE OBJECT:
mntner: MAINT-NTTCOM-BB
descr: NTT Global IP Network maintainer
admin-c: NERA4-RIPE
tech-c: NERA4-RIPE
upd-to: ip-eng-reports@us.ntt.net
mnt-nfy: ip-eng-reports@us.ntt.net
notify: ip-eng-routing@us.ntt.net
remarks: contacts per RFC2142:
remarks: Abuse / UCE reports abuse@ntt.net
remarks: Security issues security@ntt.net
mnt-by: MAINT-NTTCOM-BB
auth: MD5-PW # Filtered
auth: PGPKEY-8FF9A873 # Troy Boudreau
created: 2009-12-08T19:26:41Z
last-modified: 2023-01-05T18:36:50Z
source: RIPE # Filtered
where as irrd 4.2.6 shows:
in the modification section:
-auth: MD5-PW $1$h<troy_redacted>
+auth: MD5-PW $1$S<troy_redacted>
and then in the full
auth: MD5-PW $1$S<troy_redacted>