PassiveDNS REST API token displayed to user on connection error

The complete URL is displayed to the user on communication error with external service. In case of PassiveDNS connection, the URL contains the access token, whích should be kept secret. The current token was already disclosed and must be regenerated, but this has to be also fixed.

added C-Dev-GUI Done 0% P3 S-New T-Bug labels

changed milestone to %Backlog

Relation 'relates' to: 7564

Relation Relates - Support 7564 Renew the PassiveDNS REST API token

By Radko Krkoš on 2022-03-01T11:56:16

The reported problem was detected here:
https://mentat-hub.cesnet.cz/mentat/pdnsr/search

Other points of communication between pDNS and Mentat were not analysed and might be also vulnerable.

By Radko Krkoš on 2022-03-09T12:23:46

assigned to @rajmund_hruska

By Rajmund Hruška on 2024-12-26T14:25:12

changed milestone to %2.9

I fixed the error message in e626dcfa. I checked the other places where pdns is used and there shouldn't be any problems. I also looked at NERD to check if the similar problem exists there but it seems to be fine there.

By Rajmund Hruška on 2022-03-14T09:41:28

added Done 100% S-Resolved labels and removed Done 0% S-New labels

Merged into devel.

By Rajmund Hruška on 2022-03-15T10:27:09

added S-In Review label and removed S-Resolved label

Also FLAB Pentest 2022-03 no. 35

By Pavel Kácha on 2022-03-22T17:12:52

added S-Closed label and removed S-In Review label

closed