This one time, at band camp, Kelly Brown wrote:
>username and passwords are stored in cleartext in a Berkeley DB.  If you
>can read the db file you can run strings on it and see everybody's
>passwords in the clear.  As this is a security application, I think this
>needs to be fixed.

If you can read /var/lib/osirismd/filter.db then you already have root
access on the management daemon box, and you have a lot of problems apart
from being able to read the cli password.  Sure, it could be stored after a
hash, that'd be better, but you should not rely on the storage of the
password as the only security of the machine.

For example, if an attacker has root access on the osirismd machine, they
have all the databases too, and could modify those hostdbs to hide their
presence on another machine.

I don't have the resources to write this patch, so unless someone offers up
a patch, or this gets done upstream, I'm going to mark this bug as wontfix.
Sorry about that.
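The alternative the reply mentions, storing the CLI password "after a hash" rather than in cleartext, looks like the following. This is an added example, not code from the bug report, from Osiris, or from the osirismd database format: the record layout (`user\0secret\0`), the PBKDF2 parameters and the `printable_strings` helper (a rough stand-in for what `strings` prints) are all assumptions made for the illustration.

```python
"""Added example: salted PBKDF2 password storage versus cleartext storage,
and what a `strings`-style scan of each stored record reveals."""
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example only; not the project's values.
ITERATIONS = 200_000
SALT_BYTES = 16
SCHEME = b"pbkdf2-sha256"


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return a self-describing, salted PBKDF2-HMAC-SHA256 hash string.
    Format (assumed here): scheme$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return b"$".join([SCHEME, str(ITERATIONS).encode(),
                      salt.hex().encode(), digest.hex().encode()])


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and iteration count and
    compare in constant time, so a malformed record simply fails."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split(b"$")
        salt = bytes.fromhex(salt_hex.decode())
        expected = bytes.fromhex(digest_hex.decode())
        iterations = int(iters)
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def make_record(user: str, password: str, hashed: bool) -> bytes:
    """Build a constructed `user\\0secret\\0` record, either with the
    cleartext password (what the report complains about) or its hash."""
    secret = hash_password(password) if hashed else password.encode("utf-8")
    return user.encode("utf-8") + b"\x00" + secret + b"\x00"


def printable_strings(blob: bytes, min_len: int = 4) -> list:
    """Approximation of `strings`: runs of printable ASCII of at least
    min_len bytes. Enough to show what a reader of the db file sees."""
    out, run = [], bytearray()
    for b in blob:
        if 32 <= b < 127:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def password_visible(record: bytes, password: str) -> bool:
    """True if the cleartext password shows up in a strings-style scan."""
    return any(password in s for s in printable_strings(record))


if __name__ == "__main__":
    pw = "correct horse battery"          # constructed sample password
    clear = make_record("admin", pw, hashed=False)
    hashed = make_record("admin", pw, hashed=True)
    print("cleartext record leaks password:", password_visible(clear, pw))
    print("hashed record leaks password:   ", password_visible(hashed, pw))
    print("verify with right password:     ", verify_password(pw, hashed.split(b"\x00")[1]))
```

The hash string itself is still printable, so `strings` shows it; the point is that what it shows can only be turned back into the password by guessing, at PBKDF2 cost per guess, which is the "better" the reply refers to. It does nothing about the second point in the reply: a root-level reader of the database can still alter the host databases, so hashing narrows the damage rather than removing it.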

