No Root Password request on Update when exporting seed
Description
Problem/Justification
None
Impact
None
Activity
Show:
William Gryzbowski August 9, 2021 at 6:06 PM
We are planning on remove these password confirmations since they seem to be useless and give false sense of security.
castigo86 August 5, 2021 at 3:30 PM
Update: also affects 12.0 U5.
Not to be Fixed
Pinned fields
Click on the next to a field label to start pinning.
Created August 5, 2021 at 11:33 AM
Updated July 6, 2022 at 9:00 PM
Resolved August 9, 2021 at 6:06 PM
Summary: when updating to a new version of TrueNAS the option to save a configuration file containing the passwords' seed is offered. No Root Password is necessary to export the file in this instance, contrary to the "normal" procedure under General --> Save Config.
Problem: Given the sensitive nature of the data exported, the same security practice should be implemented when exporting a config file with the password seed, even when performing the pre-update config export.
Expected solution: add a request for Root/Admin Password when exporting a config file with Password seed before an update.
Tested on 12.0 U4.1, when updating to U5.