Reply To: unAuthenticated users can see All X509 certs

#51263

atheling
Member

Not really a security flaw per se. The certificates contain the public key for the individual. That should not be a security risk. The whole idea of public keys is that they can be public.

I think the issue is that it exposes your user list, which allows for phishing attempts.

For myself, I think that any directory server should not be accessible from outside your organization. If you are setting up users on Zeroshell then you are using it as a directory server and the home screen on it should not be accessible from outside your organization.

Inside your organization, having your users visible should not be too big an issue.