The master Webmin server communicates with slave/client Webmin servers via RPC calls. To use this feature we need to provide the username and password of the Webmin superuser on the remote server in the "Edit Server" page of "Webmin Servers Index".
Now, in case Webmin is using Unix users as Webmin users, the master Webmin server would have the password of the remote Webmin client stored as plain text in its "webmin/config/servers/XXXXXXXXXX.serv".
I consider this to be a security flaw, as the username and password of the remote machine, say B, are readable by the root user of the local machine, say A.
In a scenario where the local passwords are stored by a Unix machine in encrypted form, Webmin is making them readable, and that too from a remote server.
cat XXXXXXXXXX.serv
host=n.n.n.n
id=XXXXXXXXXX
fast=1
port=10001
type=unknown
ssl=0
realhost=
group=
file=/webmin/config/servers/XXXXXXXXXX.serv
desc=
pass=rootpass
user=rootuser
I don't see any way to avoid this though - the master Webmin system needs some way to authenticate itself to other systems. There's no way to hash the password like in /etc/shadow because it needs to be presented un-encrypted to the other server.
I understand that we need to present the un-encrypted password to the other server, and I think this communication between the servers is already protected using SSL.
What I was trying to point out is: can we not store the password in the .serv file in an encrypted format (like it's done for the miniserv.users file), such that only Webmin can read the password from the .serv file? Webmin can decrypt it while reading and then send it to the remote server while performing the RPC connection.
If it was stored encrypted, where would the key be stored? It would also have to be on the system, meaning that any attacker with root access would still be able to decrypt the passwords.
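Whatever the outcome of the encrypt-or-not discussion above, an administrator of a master Webmin host can at least verify which .serv entries hold a clear-text `pass=` value and whether those files are readable by anyone other than their owner. The following audit script is an added example written for this thread; it is not Webmin's own code. It parses the one-key-per-line `key=value` format shown in the quoted listing, reports credential fields and lax file modes, and assumes (as an assumption, not something the thread confirms) that the `ssl` key controls whether the RPC connection to that host uses SSL. The default directory `/etc/webmin/servers` is also an assumption; pass the real path as the first argument.

```python
import stat
import sys
from pathlib import Path

# Sample entry copied from the .serv listing quoted in the thread above,
# with the placeholders kept exactly as they appear there.
SAMPLE_SERV = """host=n.n.n.n
id=XXXXXXXXXX
fast=1
port=10001
type=unknown
ssl=0
realhost=
group=
file=/webmin/config/servers/XXXXXXXXXX.serv
desc=
pass=rootpass
user=rootuser
"""

# Keys whose values are credentials; 'pass' is the one shown on the page.
CREDENTIAL_KEYS = ("pass",)


def parse_serv(text):
    """Parse Webmin's key=value .serv format into a dict.

    Blank lines are skipped. Only the first '=' splits key from value,
    so a value may itself contain '='.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries


def audit_entry(entries, mode=None):
    """Return a list of findings for one parsed .serv entry.

    mode is the file's st_mode, if known. Assumption: ssl=1 means the RPC
    connection to that host is made over SSL.
    """
    findings = []
    for key in CREDENTIAL_KEYS:
        if entries.get(key):
            findings.append("%s: credential stored in clear text" % key)
    if entries.get("pass") and entries.get("ssl", "0") != "1":
        findings.append("ssl=0: RPC login to %s not configured for SSL"
                        % entries.get("host", "?"))
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %o allows group/other access"
                        % stat.S_IMODE(mode))
    return findings


def audit_directory(servers_dir):
    """Audit every *.serv file under servers_dir; returns {path: findings}."""
    report = {}
    for path in sorted(Path(servers_dir).glob("*.serv")):
        entries = parse_serv(path.read_text())
        findings = audit_entry(entries, path.stat().st_mode)
        if findings:
            report[str(path)] = findings
    return report


if __name__ == "__main__":
    # Assumed default location; the listing on the page uses
    # /webmin/config/servers instead, so pass the right one explicitly.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/webmin/servers"
    for path, findings in audit_directory(target).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Run as root on the master host (the files are, as the thread notes, only meaningful to root anyway); an entry with a non-empty `pass=` and a mode wider than 0600 is the case worth fixing first, since it widens the reader set beyond the root user the thread already accepts.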