Package: nut-monitor
Version: 2.7.2-1.1
Followup-For: Bug #777706

I have bumped the severity to critical, as this introduces a security
hole on the system. The password is stored world-readable by default
and only mildly obfuscated (base64, not crypted as I had assumed,
though even if it had been crypted, it's not strong enough to
withstand a brute force attack). Once I have your nut password, I can
issue a device command 'load.off' to turn off all devices connected to
the UPS, causing a denial of service.

Ben

