ssl cert password saved in cleatext #3581

New issue

Open

opened 2026-02-20 02:19:13 -05:00 by deekerman · 0 comments

deekerman commented 2026-02-20 02:19:13 -05:00

Owner

Copy link

Originally created by @mamema on GitHub (Feb 27, 2024).

Is there an existing issue for this?

• I have searched the existing open and closed issues

Current Behavior

in the config.xml in the line

ThissisinCleartext

the password for the pfx cert is saved in clear text.
the password of the admin user in comparison isn't

Expected Behavior

secrets shouldn't be saved in clear text

remarks: the point is, even though a reverse proxy can be / is used for external access, to adhering zero trust, also for internal access should be done everything to apply security measures.

Steps To Reproduce

open the config.xml in config path after applying pfx cert and passwort in web ui (it's masked there - huhh!)

Environment

- OS: debian 12
- Lidarr: 2.1.7.4030
- Docker Install: yes
- Using Reverse Proxy: yes
- Browser: Firefox 123
- Database: internal

What branch are you running?

Master

Trace Logs?

lidarr.trace.txt

Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided.

• I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain trace - that are relevant and show this issue.

Originally created by @mamema on GitHub (Feb 27, 2024). ### Is there an existing issue for this? - [X] I have searched the existing open and closed issues ### Current Behavior in the config.xml in the line <SslCertPassword>ThissisinCleartext</SslCertPassword> the password for the pfx cert is saved in clear text. the password of the admin user in comparison isn't ### Expected Behavior secrets shouldn't be saved in clear text remarks: the point is, even though a reverse proxy can be / is used for external access, to adhering zero trust, also for internal access should be done everything to apply security measures. ### Steps To Reproduce open the config.xml in config path after applying pfx cert and passwort in web ui (it's masked there - huhh!) ### Environment ```markdown - OS: debian 12 - Lidarr: 2.1.7.4030 - Docker Install: yes - Using Reverse Proxy: yes - Browser: Firefox 123 - Database: internal ``` ### What branch are you running? Master ### Trace Logs? [lidarr.trace.txt](https://github.com/Lidarr/Lidarr/files/14419789/lidarr.trace.txt) ### Trace Logs have been provided as applicable. Reports may be closed if the required logs are not provided. - [X] I have read and followed the steps in the wiki link above and provided the required trace logs - the logs contain `trace` - that are relevant and show this issue.

deekerman added the

Type: Bug

Status: Help Wanted

Type: External Bug

labels 2026-02-20 02:19:13 -05:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

api-docs

plugins

sonarcloud-update

master

sonarr-pull-bc037ae3

better-list-imports

more-sonarr-pulls

clean-up-recycle-bin

sonarr-pull-edfc12e2

sonarr-pull-160151c6

sonarr-pull-25d9f09a

sonarr-pull-7ea13012

sonarr-pull-846333dd

sonarr-pull-e16ace54

sonarr-pull-84710a31

sonarr-pull-d5dff8e8

sonarr-pull-c7dd7abf

sonarr-pull-e81bb3b9

sonarr-pull-13af6f57

sonarr-pull-64c6a887

sonarr-pull-2a7964bc

sonarr-pull-8bd91bd8

sonarr-pull-8e925ac7

sonarr-pull-af8c67a2

sonarr-pull-more

sonarr-pull-909f2ded

import-via-script

sonarr-pull-6118afa3

sonarr-pull-90a9ecba

sonarr-pull-f946d781

sonarr-pull-4fecd6ed

release-source-type

download-client-aggregate

automatic-import

manual-intervention-notifications

sonarr-pull-6d88a982

sonarr-pull-61fa1e5e

sonarr-pull-62354dfa

sonarr-pull-fb76c237

sonarr-pull-80af1643

bsd-pool-change

radarr-pull-dbca3937

sonarr-pull-6f5467e3

sonarr-pull-f6e6bc98

sonarr-pull-b6417a6f

sonarr-pull-762042ba

various-translates

sonarr-pull-ac7afc35

plugins-dev

changelog-post-script

sonarr-pull-f678775e

sonarr-pull-a27984c0

fix-Mono.Posix.NETStandard

sonarr-pull-0abd52d6

sonarr-pull-18a846f4

sonarr-pull-675c72f0

sonarr-pull-4c324fbb

sonarr-pull-5302ee05

sonarr-pull-29bc660c

sonarr-pull-328cfa12

sonarr-pull-090cdc36

fluentmigrator-feed-fix

fix-history-orhpan-tracks

fix-album-status-ui

browserstack-automation-testing

alias-search

old-ui

v3.1.2.4902

v3.1.1.4900

v3.1.1.4876

v3.1.0.4875

v3.1.0.4867

v3.0.1.4866

v3.0.0.4855

v2.14.5.4836

v2.14.5.4824

v2.14.4.4809

v2.14.3.4791

v2.14.2.4785

v2.14.1.4755

v2.14.1.4714

v2.14.0.4694

v2.13.3.4711

v2.13.2.4685

v2.13.1.4681

v2.13.0.4664

v2.12.4.4658

v2.12.3.4654

v2.12.1.4636

v2.12.0.4633

v2.11.2.4629

v2.11.1.4621

v2.11.0.4610

v2.10.3.4602

v2.10.1.4589

v2.10.0.4574

v2.9.6.4552

v2.9.5.4550

v2.9.4.4539

v2.9.3.4527

v2.9.2.4521

v2.9.1.4517

v2.9.0.4508

v2.8.2.4493

v2.8.1.4482

v2.8.0.4431

v2.7.1.4417

v2.7.0.4413

v2.6.4.4402

v2.6.3.4389

v2.6.2.4379

v2.6.1.4370

v2.6.0.4348

v2.5.3.4341

v2.5.2.4316

v2.5.1.4311

v2.5.0.4277

v2.4.3.4248

v2.4.2.4238

v2.4.1.4234

v2.4.0.4222

v2.3.3.4204

v2.3.2.4183

v2.3.1.4171

v2.3.0.4159

v2.2.5.4141

v2.2.4.4130

v2.2.3.4098

v2.2.2.4090

v2.2.1.4073

v2.2.0.4053

v2.2.0.4045

v2.1.7.4030

v2.1.6.3993

v2.1.5.3968

v2.1.4.3941

v2.1.3.3927

v2.1.2.3893

v2.1.1.3877

v2.1.0.3856

v2.0.7.3849

v2.0.6.3818

v2.0.5.3813

v2.0.4.3802

v2.0.3.3791

v2.0.2.3782

v2.0.1.3769

v2.0.0.3707

v1.5.0.3654

v1.4.5.3639

v1.4.4.3614

v1.4.3.3586

v1.4.2.3576

v1.4.1.3566

v1.4.0.3554

v1.3.5.3530

v1.3.4.3458

v1.3.3.3432

v1.3.2.3412

v1.3.1.3371

v1.3.0.3326

v1.2.6.3313

v1.2.5.3288

v1.2.4.3273

v1.2.3.3267

v1.2.2.3242

v1.2.1.3216

v1.2.0.3183

v1.1.4.3027

v1.1.3.2982

v1.1.2.2935

v1.1.1.2762

v1.1.0.2649

v1.0.2.2592

v1.0.1.2578

v1.0.0.2570

v0.8.1.2135

v0.8.0.2042

v0.8.0.2041

v0.7.2.1878

v0.2.0.1504

v2.0.0.5344

v0.2.0.1480

v0.2.0.1450

v0.7.1.1381

v0.7.0.1347

v0.2.0.1358

v0.6.2.883

v0.6.1.830

v0.6.0.815

v2.0.0.5322

v2.0.0.5319

v2.0.0.5301

v0.2.0.1293

v0.5.0.583

v0.5.0.576

v0.2.0.1216

v0.2.0.1217

v2.0.0.5250

v0.4.0.524

v0.3.1.471

v2.0.0.5228

v2.0.0.5225

v0.3.0.430

v0.2.0.1120

v0.2.0.371

v0.2.0.1067

v0.2.0.1066

v2.0.0.5163

v0.2.0.995

v2.0.0.5153

v0.2.0.980

v0.2.0.935

v0.2.0.910

v2.0.0.5085

v2.0.0.5054

v0.2.0.870

v0.2.0.852

v0.2.0.846

v2.0.0.4949

v2.0.0.4928

v2.0.0.4919

v2.0.0.4918

v2.0.0.4913

v2.0.0.4855

v0.2.0.778

v2.0.0.4753

v2.0.0.4748

v0.2.0.696

v0.2.0.692

v0.2.0.654

v0.2.0.596

v2.0.0.4689

v2.0.0.4688

v0.2.0.535

v2.0.0.4645

v0.2.0.453

v0.2.0.375

v2.0.0.4613

v0.2.0.299

v0.2.0.288

v0.2.0.267

v0.2.0.238

v0.2.0.226

v0.2.0.210

v0.2.0.196

v0.2.0.182

v0.2.0.166

v0.2.0.152

v0.2.0.134

v0.2.0.99

v0.2.0.85

v0.2.0.61

v0.2.0.45

v0.2.0.32

v0.2.0.27

v0.2.0.18

v0.2.0.2

v0.1.0.34353

v0.1.0.34352

v0.1-f

v0.1-e

v0.1-d

v0.1-c

v0.1-b

v0.1-a

0.05

v2.0.0.4472

v2.0.0.4427

v2.0.0.4409

v2.0.0.4389

v2.0.0.4370

v2.0.0.4326

v2.0.0.4323

v2.0.0.4230

v2.0.0.4146

v2.0.0.3953

v2.0.0.3732

v2.0.0.3645

v2.0.0.3573

v2.0.0.3530

v2.0.0.3527

v2.0.0.3357

v2.0.0.3154

v2.0.0.3004

Labels

Clear labels   

Area: API

  

Area: Database

  

Area: Db-migration

  

Area: Download Clients

  

Area: Extras

  

Area: Import Lists

  

Area: Indexer

  

Area: Metadata API

  

Area: Notifications

  

Area: Organizer

  

Area: Parser

  

Area: Scanning

  

Area: Tooling

  

Area: UI

  

Area: Unit Tests

  

Area: Update API

  

On Hold: MetadataAPI Blocking

  

Priority: High

  

Priority: Low

  

Priority: Medium

  

Status: Accepted

  

Status: Cannot Reproduce

  

Status: Confirmed

  

Status: Don't Merge

  

Status: Help Wanted

  

Status: In Progress

  

Status: Info Needed

  

Status: Investigating

  

Status: Logs Needed

  

Status: Maybe One Day

  

Status: Needs Triage

  

Status: On Hold

  

Status: Ready for Review

  

Status: Unlikely

  

Status: Waiting for OP

  

Status: Won't Fix

  

Type: Bug

  

Type: Documentation

  

Type: Duplicate

  

Type: Enhancement

  

Type: Enhancement

  

Type: External Bug

  

Type: Feature Request

  

Type: Regression

  

Type: Support

  

Type: Support.

  

conflict

  

conflict

  

no-conflict

  

not-pulled

  

radarr-pull

  

readarr-pull

  

sonarr upstream

  

sonarr-pull

No labels

Area: API

Area: Database

Area: Db-migration

Area: Download Clients

Area: Extras

Area: Import Lists

Area: Indexer

Area: Metadata API

Area: Notifications

Area: Organizer

Area: Parser

Area: Scanning

Area: Tooling

Area: UI

Area: Unit Tests

Area: Update API

On Hold: MetadataAPI Blocking

Priority: High

Priority: Low

Priority: Medium

Status: Accepted

Status: Cannot Reproduce

Status: Confirmed

Status: Don't Merge

Status: Help Wanted

Status: In Progress

Status: Info Needed

Status: Investigating

Status: Logs Needed

Status: Maybe One Day

Status: Needs Triage

Status: On Hold

Status: Ready for Review

Status: Unlikely

Status: Waiting for OP

Status: Won't Fix

Type: Bug

Type: Documentation

Type: Duplicate

Type: Enhancement

Type: Enhancement

Type: External Bug

Type: Feature Request

Type: Regression

Type: Support

Type: Support.

conflict

conflict

no-conflict

not-pulled

radarr-pull

readarr-pull

sonarr upstream

sonarr-pull

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Lidarr#3581

No description provided.