You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2017-07-06 14:41:22

guens72
Member
Registered: 2017-07-06
Posts: 3

Mechanism for GLPIKEY

Hi everybody,

It is the same key for all installs over the world.

Could you make a random key or ask a pass key at GLPI install and find a mechanism to store the GLPIKEY ?

and I think the hard job is for the update.

With wireshark in the GLPI server I can find the LDAP password.

If I'm a Hacker (not the case, I'm in SI audit)
I find the GLPI server
Dump GLPI DATA
Reinstall GLPI on one PC I have control
Restore GLPI DATA
Test LDAP  connect and with wireshark I can see LDAP password.

OR in first time say at every install of GLPI to change the GLPIKEY in glpi/config/define.php ~line 125 before doing everything else.

I hope you will anderstand what I say

For help
Guens72

Offline

Pages: 1

Board footer

Powered by FluxBB