Bug 64 - should use DIGEST instead of HTTP basic authentication for web admin
Summary: should use DIGEST instead of HTTP basic authentication for web admin
Status: NEW
Alias: None
Product: repro
Classification: Unclassified
Component: command-line and web admin (show other bugs)
Version: unspecified
Hardware: All All
: P1 normal
Assignee: Owner of all unassigned bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-22 05:04 CST by Daniel Pocock
Modified: 2014-01-22 05:04 CST (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Pocock 2014-01-22 05:04:59 CST
The user login to the web admin page currently uses the HTTP basic algorithm.  This transmits the password as plaintext.

It should use HTTP DIGEST for slightly more security.

As a workaround, users can tunnel through ssh to access the web admin port, it should not be exposed to public access.