Closed ScKris closed 8 months ago
When I'm trying to use 'gnmic get' to pull the telemetry data, any passwords can be accepted. This would be security issue for this when deploying the service. Please check, thanks!
Below is the output from the server to do the 'gnmic get',
gnmic -a x.x.x.x:8080 --insecure get --path /openconfig-interfaces:interfaces/interface[name=Ethernet0]/state/counters --target OC-YANG --username admin password: <any passwords> [ { "timestamp": 1687156144574200730, "time": "2023-06-19T02:29:04.57420073-04:00", "target": "OC-YANG", "updates": [ { "Path": "openconfig-interfaces:interfaces/interface[name=Ethernet0]/state/counters", "values": { "openconfig-interfaces:interfaces/interface/state/counters": { "openconfig-interfaces:counters": { "in-broadcast-pkts": "52", "in-discards": "26128", "in-errors": "0", "in-multicast-pkts": "26128", "in-octets": "14135546", "in-pkts": "40611", "in-unicast-pkts": "14431", "out-broadcast-pkts": "64353", "out-discards": "6", "out-errors": "0", "out-multicast-pkts": "152685", "out-octets": "29935321", "out-pkts": "221167", "out-unicast-pkts": "4129" } } } } ] } ]
This is by design. UMF comes up in an insecure mode by default. Turning on authentication is tracked by issue 185.
When I'm trying to use 'gnmic get' to pull the telemetry data, any passwords can be accepted. This would be security issue for this when deploying the service. Please check, thanks!
Below is the output from the server to do the 'gnmic get',