irrdnet/irrd

irrd version 4.2.6 exposes password/MD5-PW on email notifications

Closed this issue · 0 comments

RIPE server shows:

OBJECT BELOW MODIFIED:

@@ -14,3 +14,3 @@
 created:        2009-12-08T19:26:41Z
-last-modified:  2022-08-02T14:00:35Z
+last-modified:  2023-01-05T18:36:50Z
 source:         RIPE # Filtered


THIS IS THE NEW VERSION OF THE OBJECT:

mntner:         MAINT-NTTCOM-BB
descr:          NTT Global IP Network maintainer
admin-c:        NERA4-RIPE
tech-c:         NERA4-RIPE
upd-to:         ip-eng-reports@us.ntt.net
mnt-nfy:        ip-eng-reports@us.ntt.net
notify:         ip-eng-routing@us.ntt.net
remarks:        contacts per RFC2142:
remarks:        Abuse / UCE reports abuse@ntt.net
remarks:        Security issues security@ntt.net
mnt-by:         MAINT-NTTCOM-BB
auth:           MD5-PW # Filtered
auth:           PGPKEY-8FF9A873 # Troy Boudreau
created:        2009-12-08T19:26:41Z
last-modified:  2023-01-05T18:36:50Z
source:         RIPE # Filtered

whereas irrd 4.2.6 shows:
in the modification section:
-auth: MD5-PW $1$h<troy_redacted>
+auth: MD5-PW $1$S<troy_redacted>
and then in the full
auth: MD5-PW $1$S<troy_redacted>
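
The filtering that the RIPE output above shows can be reproduced by redacting password hashes in both object versions before the diff and the full object are rendered. The sketch below is an added example, not irrd's own code: `filter_auth`, `notification_body`, the list of hash schemes and the `EXAMPLE-MNT` sample objects are assumptions constructed for illustration.

```python
import difflib
import re

# Assumed set of password-hash schemes on "auth:" lines. PGP key references
# (PGPKEY-...) are not secrets and pass through untouched.
HASH_SCHEMES = ("MD5-PW", "CRYPT-PW", "BCRYPT-PW")
AUTH_RE = re.compile(
    r"^(?P<key>auth:[ \t]*)(?P<scheme>" + "|".join(HASH_SCHEMES) + r")[ \t]+\S.*$",
    re.IGNORECASE | re.MULTILINE,
)

def filter_auth(rpsl_text: str) -> str:
    """Replace each password hash with the '# Filtered' marker; idempotent."""
    return AUTH_RE.sub(lambda m: f"{m['key']}{m['scheme']} # Filtered", rpsl_text)

def notification_body(old: str, new: str) -> str:
    """Build the mail body from filtered text only, so neither the diff
    nor the full object can carry a hash."""
    old_f, new_f = filter_auth(old), filter_auth(new)
    diff = list(difflib.unified_diff(
        old_f.splitlines(), new_f.splitlines(), lineterm="", n=1))[2:]  # drop ---/+++
    return "\n".join(["OBJECT BELOW MODIFIED:", "", *diff, "",
                      "THIS IS THE NEW VERSION OF THE OBJECT:", "", new_f])

# Constructed sample objects (not real maintainers or hashes).
OLD = """mntner:         EXAMPLE-MNT
auth:           MD5-PW $1$oldsalt$ConstructedOldHash0000
auth:           PGPKEY-00000000
last-modified:  2022-01-01T00:00:00Z
source:         EXAMPLE
"""
NEW = """mntner:         EXAMPLE-MNT
auth:           MD5-PW $1$newsalt$ConstructedNewHash0000
auth:           PGPKEY-00000000
last-modified:  2023-01-01T00:00:00Z
source:         EXAMPLE
"""

if __name__ == "__main__":
    print(notification_body(OLD, NEW))
```

Because both versions are filtered before diffing, a password change no longer appears as a changed `auth:` line at all, which matches the RIPE notification where only `last-modified` differs.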