Package: yubiserver Version: 0.6-3 Severity: important Hi,
Database contains sensitive informations about token ids, however, it's world readable: drwxr-xr-x 2 yubiserver yubiserver 4096 févr. 8 22:20 . drwxr-xr-x 88 root root 4096 févr. 8 22:20 .. -rw-r--r-- 1 yubiserver yubiserver 9216 févr. 8 22:20 yubiserver.sqlite -- System Information: Debian Release: 9.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages yubiserver depends on: ii adduser 3.115 ii libc6 2.24-9 ii libev4 1:4.22-1 ii libgcrypt20 1.7.6-1 ii libmhash2 0.9.9.9-7 ii libsqlite3-0 3.16.2-2 yubiserver recommends no packages. yubiserver suggests no packages. -- no debconf information
