Menu
What's new
By:
Filters Better Search

NVRAM Dump: Sensitive Information Redaction

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

gatorback

gatorback

Regular Contributor
As I understand it, the command:
NVRAM show
can provide useful troubleshooting information when provided to the community (via pastebin). Examples of potentially security-sensitive information include:

ddns_hostname
sshd_dsskey

Originally, I thought it would be good to list items to be removed from the output file, but perhaps the better (from a security standpoint) approach is to explicitly extract non-sensitive to a pastebin file. Does a script to perform the latter exist? Is there a better process / best practice?
 
Last edited:
gatorback said:
As I understand it, the command:
NVRAM show
can provide useful troubleshooting information when provided to the community (via pastebin). Examples of potentially security-sensitive information include:

ddns_hostname
sshd_dsskey

Originally, I thought it would be good to list items to be removed from the output file, but perhaps the better (from a security standpoint) approach is to explicitly extract non-sensitive to a pastebin file. Does a script to perform the latter exist? Is there a better process / best practice?
Click to expand...
Admin account name and Password is also part of that.
 
I just wanted to mention it, as it may not be obvious to other readers.
 
thelonelycoder said:
Admin account name and Password is also part of that.
Click to expand...
Indeed. These also contain important passwords, especially as people use the same password for different services:

acc_list
http_passwd
pptpd_clientlist
wl*_wpa_psk
vpn_client*_password
vpnc_pppoe_passwd
wan*_pppoe_passwd
 
Asus implemented something similar already, which they use to remove security-sensitive information before sending back other nvram settings to them whenever you use their Feedback form (don't look for that page tho, I remove it from my firmware, as I don't want feedback/bug reports about my firmware being sent to them). Not sure if that list is complete (for starter it seems to be missing some VPN credentials), but it would be a starting point for anyone wishing to create such a script.

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/nvram_arm/main.c#L51
 
is it possible to get serial number of ASUS router from command line interface (SSH or telnet) ?

I have tried nvram show but I don't see it
 
You must log in or register to reply here.

Similar threads

Maverickcdn
WAN IP change - suggestions/tips tricks/beta testers
2
Replies
23
Views
4K
Maverickcdn
Maverickcdn
Similar threads
Thread starter Title Forum Replies Date
edgezero manually update /jffs/nvram/filter_lwlist Asuswrt-Merlin 2
A Segmentation Fault message after entering long string into nvram (static leases) Asuswrt-Merlin 0
Acru Bug Report: nvram chilli_enable=1 when guest network is removed causes no routing to occur Asuswrt-Merlin 2
M Solved Set samba case sensitive permanently Asuswrt-Merlin 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 765 (members: 24, guests: 741)
Top