Bug#336099: centericq: [security] Passwords are stored in plain text to .centericq/config

Thu, 27 Oct 2005 13:33:35 -0700 

Package: centericq
Version: 4.21.0-3
Severity: important

All the passwords are saved as plaintext into the configuration file.
This is high security risk that is not obvious from the the "g"
menu which displays "****" in place of these items.

Please offer encryption of the configuration file, which is unlocked
at the initial start of centericq. Even using crypt(1) for encryption
is better than no security at all.

    jab_nick        foo
    jab_pass        netjabber
    jab_server      jabber.org:5222
    jab_pgpkey      <some id>
    jab_pgppass     password
    jab_prio        4

    icq_uin 82313129
    icq_pass        password
    icq_server      login.icq.com:5190
    icq_webaware    1

    irc_nick        foo
    irc_pass        password
    irc_server      irc.freenode.org:6667
    irc_nickpass    password

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages centericq depends on:
ii  centericq-common              4.21.0-3   A text-mode multi-protocol instant
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an
ii  libcurl3                      7.15.0-4   Multi-protocol file transfer libra
ii  libgcc1                       1:4.0.2-3  GCC support library
ii  libgnutls12                   1.2.8-1    the GNU TLS library - runtime libr
ii  libgpg-error0                 1.1-4      library for common error values an
ii  libgpgme11                    1.1.0-1    GPGME - GnuPG Made Easy
ii  libidn11                      0.5.18-1   GNU libidn library, implementation
ii  libjpeg62                     6b-10      The Independent JPEG Group's JPEG 
ii  libncurses5                   5.5-1      Shared libraries for terminal hand
ii  libssl0.9.7                   0.9.7g-5   SSL shared libraries
ii  libstdc++6                    4.0.2-3    The GNU Standard C++ Library v3
ii  zlib1g                        1:1.2.3-6  compression library - runtime

Versions of packages centericq recommends:
ii  dillo [www-browser]     0.8.5-1.0.1      GTK-based web browser
ii  konqueror [www-browser] 4:3.4.2-4        KDE's advanced file manager, web b
ii  links [www-browser]     0.99+1.00pre12-1 Character mode WWW browser
ii  links2 [www-browser]    2.1pre18-2       Web browser running in both graphi
ii  lynx [www-browser]      2.8.5-2          Text-mode WWW Browser
ii  mozilla-firefox [www-br 1.0.7-1          lightweight web browser based on M
ii  opera [www-browser]     8.50-20050916.6  The Opera Web Browser
pn  sox                     <none>           (no description available)
ii  xemacs21-mule [www-brow 21.4.17-2        highly customizable text editor --

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to