Bug#311772: Password leaks are security holes

2008-08-28 Thread Giles Barford
Hi, It is not often that I post but 1) Logging invalid usernames which can be used to detect all manner of attacks including dictionary username attacks and password brute force attacks. 2) As pointed out earlier the file is root only access. The argument that can be read if you physical

Bug#311772: Password leaks are security holes

2008-08-28 Thread Simon Valiquette
A. Dreyer once wrote: On Thu, 28 Aug 2008, Johan Walles wrote: Anyway root already has the capability to view passwords (i.e. by installing alternate login programs, sniffing tty, ...) That's obviously true, but that doesn't cover the case when logs are copied to a second system with

Bug#311772: Password leaks are security holes

2008-08-27 Thread Johan Walles
severity 311772 critical tag 311772 + security thanks When users' clear text passwords are logged, that's a security hole. Setting severity to critical since this bug introduces a security hole on systems where you install the package. Quote is from the definition of the critical severity at

Bug#311772: Password leaks are security holes

2008-08-27 Thread Nico Golde
Hi Johan, * Johan Walles [EMAIL PROTECTED] [2008-08-27 22:26]: severity 311772 critical tag 311772 + security thanks When users' clear text passwords are logged, that's a security hole. Setting severity to critical since this bug introduces a security hole on systems where you install