Fredrik Holmberg

R80 automation - run-script potential leakage of credentials

Discussion created by Fredrik Holmberg on Sep 7, 2018
Latest reply on Oct 18, 2018 by Uri Bialik

Hi,

 

After messing with the run-script API call for automating several things on R80, I noticed that it does not filter/mask user credentials and other sensitive data sent to it. Everything gets stored in the Recent Tasks log (bottom left corner).

 

Here's an example from provisioning a VS using vsx_provisioning_tool:

 

 

Had to switch to local authentication (-L) to prohibit the user credentials from being exposed and stored.

 

Anyway, I think this should be handled by run-script itself, possibly the Check Point GUI, especially when executing obvious Check Point internal tools. Could be some regex foo or something, replacing the output with "-p xxxxxxx" instead.

 

Have a nice weekend!

 

 - Fredrik

Outcomes