Closed
Description
Describe the bug
If a password is used to exploit a machine, it gets stored in the report in plaintext.
To Reproduce
Steps to reproduce the behavior:
- Exploit machine with any brute-force exploiter
- Generate a report
- Check MongoDB
- The password used for the exploit is stored in plaintext
Expected behavior
Use the same mechanism we use for configuration.
Tasks
- Do a realistic monkey run and audit the database searching for sensitive plaintext information (0d) - @VakarisZ
- Write a function to encrypt values in a dictionary based on keys specified (0.25d) @VakarisZ
- Separate the report/telemetry/whatever and the db access with a layer of encryption (0d) @VakarisZ
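One way to write the "encrypt values in a dictionary based on keys specified" helper from the task list, as an added example that is not the project's own code. The function names, the sample telemetry fields and the choice of Fernet (from the third-party `cryptography` package) for the demo cipher are assumptions.

```python
import json
from typing import Any, Callable, Iterable

Cipher = Callable[[str], str]  # string-to-string encrypt or decrypt function


def _transform(node: Any, keys: frozenset, fn: Callable[[Any], Any]) -> Any:
    """Walk dicts and lists; apply fn to the value of every matching key."""
    if isinstance(node, dict):
        return {
            k: fn(v) if k in keys else _transform(v, keys, fn)
            for k, v in node.items()
        }
    if isinstance(node, list):
        return [_transform(item, keys, fn) for item in node]
    return node


def encrypt_fields(doc: dict, keys: Iterable[str], encrypt: Cipher) -> dict:
    """Return a copy of doc with every value stored under `keys` encrypted.

    Values are JSON-serialised first, so strings, lists and nested dicts
    all round-trip through the same string-to-string cipher.
    """
    return _transform(doc, frozenset(keys), lambda v: encrypt(json.dumps(v)))


def decrypt_fields(doc: dict, keys: Iterable[str], decrypt: Cipher) -> dict:
    """Inverse of encrypt_fields for documents read back from the database."""
    return _transform(doc, frozenset(keys), lambda v: json.loads(decrypt(v)))


if __name__ == "__main__":
    from cryptography.fernet import Fernet  # third-party: pip install cryptography

    f = Fernet(Fernet.generate_key())  # demo key; a real key lives outside the DB
    enc = lambda s: f.encrypt(s.encode()).decode()
    dec = lambda s: f.decrypt(s.encode()).decode()

    # Constructed sample telemetry; the field names are hypothetical.
    telemetry = {
        "machine": "10.0.0.5",
        "attempts": [{"user": "admin", "password": "hunter2", "result": True}],
    }
    stored = encrypt_fields(telemetry, {"password"}, enc)
    assert "hunter2" not in json.dumps(stored)  # nothing sensitive reaches the DB
    assert decrypt_fields(stored, {"password"}, dec) == telemetry
    print(json.dumps(stored, indent=2))
```

Calling `encrypt_fields` at the point where documents are handed to the database layer, and `decrypt_fields` where they are read back, keeps the report and telemetry code unaware of the encryption.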