*** This bug is a security vulnerability *** Private security bug reported:
During installation bacula creates /etc/bacula/common_default_passwords and uses this passwords in /etc/bacula/bacula-{sd,fd,dir}.conf files. However DIRPASSWD from common_default_passwords does not match one in bacula-dir.conf, instead hardcoded value is used. I installed bacula on 2 different systems and in both cases passwords in common_default_passwords were random and unique but bacula-dir.conf "Director" password was the same on both systems. Ubuntu 12.04.2 LTS bacula: Installed: 5.2.5-0ubuntu6.2 Candidate: 5.2.5-0ubuntu6.2 Version table: *** 5.2.5-0ubuntu6.2 0 500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages 100 /var/lib/dpkg/status 5.2.5-0ubuntu6 0 500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages ** Affects: bacula (Ubuntu) Importance: Undecided Status: New ** Tags: precise ** Information type changed from Public to Private Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1197018 Title: bacula-dir.conf does not use random password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bacula/+bug/1197018/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs