On Wed, Aug 08, 2007 at 03:58:39PM +0200, Frans Pop wrote: > Package: backuppc > Version: 2.1.2-6 > Severity: critical > Tags: security > > The default password generated at installation time is publically > visible to any user with local access to the system on which backuppc is > installed as it is included in the debconf database [1] as a variable > for the backuppc/configuration-note template. > > [1] /var/cache/debconf/config.dat >
Hi ! Thanks for the report ! What's strange is that the password should be in passwords.dat, not in config.dat... Anyway it should be cleared. Cheers, -- Ludovic Drolez. http://zaurus.palmopensource.com - The Zaurus Open Source Portal http://www.drolez.com - Personal site - Linux, Zaurus and PalmOS stuff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
