
DB.DUMP contains passwords in PLAIN TEXT (ReadyNAS 314 OS6)

hksscom
Apprentice


I downloaded the logs via the ReadyNAS 314 > System > Logs > Download Logs button.

I looked over each logfile and discovered a DB.DUMP file. To my shock, I found that it contained the PLAIN TEXT password for backup jobs involving FTP or RSYNC. That is a serious problem. Can those passwords be encrypted and stored as such in the database?

Also, it appears that the DB.DUMP contains references to backup jobs that no longer exist. Where does ReadyNAS OS6 get the dump from, and how can we dump the latest copy of the database?

Thanks!

Message 1 of 3
hksscom
Apprentice

Re: DB.DUMP contains passwords in PLAIN TEXT (ReadyNAS 314 OS6)

For those curious, I was provided the following info in a private message (name withheld unless that person wants it to be known):

"/var/readynasd/db.sq3

You can manage this using the sqlite3 command

db.dump is just a dump of this database"

Thank you to that person!

The only thing left now is the feedback to Netgear to have the passwords ENCRYPTED. That's important in today's day and age of hacks happening all the time.

Message 2 of 3
OOM-9
NETGEAR Expert

Re: DB.DUMP contains passwords in PLAIN TEXT (ReadyNAS 314 OS6)

Thank you for your feedback.

The changes are significant enough that we are expecting to have the fix in the 6.10.0 release.

Message 3 of 3
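Added example (not part of the original thread and not NETGEAR code): a check to run on a downloaded log bundle before sharing it, assuming db.dump is SQL text in sqlite3 `.dump` format as message 2 describes. The table and column names in the sample are hypothetical, and the name-based hint list is an assumption.

```python
import re
import sqlite3

# Column-name hints that usually mark a stored secret (assumption; tune as needed).
SECRET_HINT = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)

# Constructed sample in sqlite3 ".dump" format. Table and column names are
# hypothetical; the real ReadyNAS schema is not shown in the thread.
SAMPLE_DUMP = """BEGIN TRANSACTION;
CREATE TABLE backup_job (id INTEGER PRIMARY KEY, name TEXT, proto TEXT,
                         remote_user TEXT, remote_password TEXT);
INSERT INTO backup_job VALUES(1,'nightly','rsync','backup','Example-Pw-1');
INSERT INTO backup_job VALUES(2,'weekly','ftp','ftpuser','Example-Pw-2');
INSERT INTO backup_job VALUES(3,'local','usb',NULL,'');
CREATE TABLE share (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO share VALUES(1,'media');
COMMIT;
"""

def load_dump(dump_sql):
    """Replay the dump into a throwaway in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(dump_sql)
    return conn

def find_secret_columns(conn):
    """Return (table, column, populated_rows); values are counted, never shown."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for table in tables:
        for col in conn.execute(f'PRAGMA table_info("{table}")'):
            name = col[1]  # second field of table_info is the column name
            if SECRET_HINT.search(name):
                n = conn.execute(
                    f'SELECT COUNT(*) FROM "{table}" '
                    f'WHERE "{name}" IS NOT NULL AND "{name}" <> \'\'').fetchone()[0]
                findings.append((table, name, n))
    return findings

def redact(conn, findings):
    """Overwrite flagged columns and return a dump that is safer to attach."""
    for table, name, _ in findings:
        conn.execute(f'UPDATE "{table}" SET "{name}" = \'REDACTED\' '
                     f'WHERE "{name}" IS NOT NULL AND "{name}" <> \'\'')
    return "\n".join(conn.iterdump())

if __name__ == "__main__":
    db = load_dump(SAMPLE_DUMP)
    print(find_secret_columns(db))
```

Redacting the copy you attach does not change what the NAS stores; any password that already left the device in a log bundle should be rotated on the FTP or rsync server.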