@Net-Moose 

I dont see any issue here

A controller administrator and super-admin/owner account should have full access to everything, and they do.  Having a obscured password shown in a switch running config is a non-issue, since a controller user of this level already has access to view and edit the site device username and password anyway, and the ability to enable or disable SSH for the site.  So at this point, what is shown in the switch running config is a moot point.

I just tested another account i set up as just a "viewer" level access.  No access to device username/password and no access to see running config.

Frankly, if someone has gained administrator level access to your controller you have bigger problems than a switch running config.

Hi  @Net-Moose 

Thanks for posting here.

The client's MAC address and other information you mentioned can also be easily retrieved from other interfaces in the controller (without requiring additional passwords).

This button allows administrators to quickly access details about the switch and its connected clients, which many find user-friendly and helpful.

May I ask which specific information you believe should not be displayed here?

  @Net-Moose Ok I see. Well just humor me if you will ...

Let me pose this scenario ... 

You are an administrator of a network but under constant attack by a nearby known hacker. You have reported them and their activity to the FBI Cybercrimes division via their complaint system twice, you have filed police reports, and even filed a complaint with the FCC for their radios being run at power levels which FAR exceed allowed limits. A month later the attacks have only increased in aggressiveness and frequency and NONE of your reporting has yielded so much as an email reply to say nothing of an actual physical investigation or response. In essence you might as well have written your complaints on some toilet paper, and flushed them all down the toilet. So what do you do?

Apart from constructing a faraday cage to enclose your entire footprint or something else equally unrealistic that is ...

Exactly ....  Now, your switches are constantly having their ARP caches poisoned, your wireless connected devices nearest the attacker are under constant siege with ceaseless deauth attacks and there is at least one confirmed Pumpkin router blasting out your networks BSSID as if it were your EAP just to gain access to your network but evidence suggests there must be more than one intermittently detected. This alone has you rocking youre EAPs power on all bands at 100% power along with reducing the allowed db for client connections just to try and keep the hacker off of your networks.... however, this is causing your network to become visible over a much larger area than you need to cover your footprint. This exposes you to additional attackers, war drivers, and the like who believe you me will and do take every opportunity to have at your networks security.

If you are like me, and be thankful that you are not, you probably would go to 802.1x EAP-TLS with Radius .... the controller has some radius capabilities, though not enough to do all of that. You will need to stand up a Radius server or pay for a service to get it done .... best of luck doing that unless you have experience with successfully implementing RADIUS ... the documentation on how to get one working properly ARE SCANT ... and for the most part completely useless as they are largely out of date referencing deprecated versions and old methods to the point you will start to show signs of baldness from the amount of hair pulling you'll likely have sustained in the process of self learning. If not, then congratulations for being MUCH smarter and knowledgeable than me. That still does not change the fact that this scenario is a reality for some.

Now pile on the constant spoofing of learned mac addresses because your network is so loud, an orbiting space station could probably connect ... regardless of MAC-IP bindings, MAC Filtering and ACLs all of which are configured and in use ... and yet, you constantly find your wireless devices showing up as WIRED devices connected to your Gateway and not WIRELESS devices connecting via your EAP like they should be. It goes on and on and on .... 

Consider all of this ... and then tell me that an open running config on your switch for anyone to see without a separate security challenge is a good idea.

Not every scenario is "Best Case" and not every person on this planet is a decent human being... and as it turns out, more often than not for some people, the exact opposite is the reality, whether they choose to see and acknowledge it or not.

  @Net-Moose 

On second thought, nevermind. I thought maybe I could articulate a reason for something that would benefit what is likely a small sampling of the larger customer base and therefore not important. Kindly disregard.

I'll look elsewhere for a solution that meets my needs.