mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
0effbb3569
Disable unauthenticated access to cgi-bin/credits.cgi. The page leaks the currently installed version of IPFire and the hardware architecture. Both information might make a successful attack much easier. This issue can be reproduced by accessing https://[IPFire-IP]:444/cgi-bin/credits.cgi and accepting a SSL certificate warning (if any). Signed-off-by: Peter Müller <peter.mueller@link38.eu> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>