Closed golaat closed 1 year ago
Please see issue #3.
@victoriawallace-cisa It was not clear based on the abbreviation of the subject in Issue #3, which considers this a "Question/Idea". I would think having the credentials secured would be a day 1 requirement.
🐛 Summary
As it stands, the username, password and client secret are all stored in plain text in the configuration file. These are sensitive values and should be protected. I'm surprised to see a tool coming from CISA employ this as a practice.