Fredrik Holmberg

R80 automation - run-script potential leakage of credentials

Discussion created by Fredrik Holmberg on Sep 7, 2018
Latest reply on Oct 18, 2018 by Uri Bialik



After messing with the run-script API call for automating several things on R80, I noticed that it does not filter/mask user credentials and other sensitive data sent to it. Everything gets stored in the Recent Tasks log (bottom left corner).


Here's an example from provisioning a VS using vsx_provisioning_tool:



Had to switch to local authentication (-L) to prohibit the user credentials from being exposed and stored.


Anyway, I think this should be handled by run-script itself, possibly the Check Point GUI, especially when executing obvious Check Point internal tools. Could be some regex foo or something, replacing the output with "-p xxxxxxx" instead.


Have a nice weekend!


 - Fredrik