netmaker
netmaker copied to clipboard
gravitl
Security Issue - Private/Public Keypair Exchange for External Clients
Contact Details
No response
What happened?
When creating external clients, the Netmaker server will automatically create the public/private keypair on behalf of the client. This is not how the public/private key exchange is supposed to work. The private key should be generated on the client side and only public keys exchanged. I realize that this is done in terms on convenience, but room should be made in order to perform a proper key exchange. Can the UI be updated so that the client's public key can be entered/edited? Also, I see a feature request to allow for Preshared Keys (https://github.com/gravitl/netmaker/issues/1231), can this also be done at the same time? Perhaps even allowing any of the external client configuration details to be edited?
Version
v0.14.5
What OS are you using?
Linux
Relevant log output
No response
Contributing guidelines
- [X] Yes, I did.
Yes, I answered too quickly .... didn't realize you were talking about ext clients
We will look to roadmap this as it would be a fairly straightforward security enhancement
Okay great, thank you for the prompt response. I'll keep an eye out for it.