Hello, while refactoring the OpenVAS user creation for the openvas-config-manager module, I noticed that the openvas-adduser script shipped with openvas-server will under certain conditions store the password of the new user as plaintext.
You can read more details on this issue in the change request I've prepared: http://www.openvas.org/openvas-cr-31.html Removing this "feature" as described in the CR will take very little effort and will not break compatibility with existing installations. Since I'd like to start working on this ASAP, I'd like to call for votes regarding this CR. Please respond to this mail on openvas-devel and indicate if you are in favor of this CR (+1), don't care (+-0) or are against it (-1). Thank you! Regards, Michael -- Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998 Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgpYyOWz6DnIn.pgp
Description: PGP signature
_______________________________________________ Openvas-devel mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
