Exposed Apache htpasswd file #2

New issue

Closed

opened 2026-02-20 13:18:27 -05:00 by deekerman · 3 comments

deekerman commented 2026-02-20 13:18:27 -05:00

Owner

Copy link

Originally created by @r0x0d on GitHub (Sep 27, 2019).

Originally assigned to: @mdevaev on GitHub.

Potential security breach. See /configs/kvmd/htpasswd

Originally created by @r0x0d on GitHub (Sep 27, 2019). Originally assigned to: @mdevaev on GitHub. Potential security breach. See /configs/kvmd/htpasswd

deekerman 2026-02-20 13:18:27 -05:00

• closed this issue
• added the
  type:bug
  resolution:invalid
  labels

deekerman commented 2026-02-20 13:18:29 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Sep 27, 2019):

It has limited permissions (600) and readable only by root and kvmd group. What exactly is the problem?

@mdevaev commented on GitHub (Sep 27, 2019): It has limited permissions (600) and readable only by root and kvmd group. What exactly is the problem?

deekerman commented 2026-02-20 13:18:29 -05:00

Author

Owner

Copy link

@r0x0d commented on GitHub (Sep 28, 2019):

I saw the creds in the htpasswd file and thought it was a mistake publishing it on a open source repo, usually this kinda of stuff is inside a environment variable to not be exposed to public.

I wanted to report it before anyone else would abuse of this breach.

If your project has a different structure and this indeed needed to be publish, then it's ok.

@r0x0d commented on GitHub (Sep 28, 2019): I saw the creds in the htpasswd file and thought it was a mistake publishing it on a open source repo, usually this kinda of stuff is inside a environment variable to not be exposed to public. I wanted to report it before anyone else would abuse of this breach. If your project has a different structure and this indeed needed to be publish, then it's ok.

deekerman commented 2026-02-20 13:18:29 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Sep 28, 2019):

Ah, I get it. Thank you for your concern! Everything is fine. This file contains default settings that change during installation.

@mdevaev commented on GitHub (Sep 28, 2019): Ah, I get it. Thank you for your concern! Everything is fine. This file contains default settings that change during installation.

deekerman referenced this issue 2026-02-20 13:18:37 -05:00

Why splitting the USB cable for RPI4? Works flawlessly without #11

deekerman referenced this issue 2026-02-20 14:05:00 -05:00

Unable to see / access BIOS / UEFI #729

deekerman referenced this issue 2026-02-20 14:05:22 -05:00

TESMart Plugin Update Lag #743

deekerman referenced this issue 2026-02-20 14:08:07 -05:00

Update not working #895

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

gh-pages

No results found.

Labels

Clear labels   

component:documentation

  

help wanted

  

resolution:delayed

  

resolution:duplicate

  

resolution:fixed

  

resolution:invalid

  

resolution:rejected

  

resolution:wontfix

  

success story

  

type:bug

  

type:bug

  

type:feature

  

type:question

  

type:question

No labels

component:documentation

help wanted

resolution:delayed

resolution:duplicate

resolution:fixed

resolution:invalid

resolution:rejected

resolution:wontfix

success story

type:bug

type:bug

type:feature

type:question

type:question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/pikvm-pikvm#2

No description provided.