Ansgar Burchardt wrote: > Package: dtc-core > Version: 0.30.10-1 > Severity: important > Tags: security > > Hi, > > dtc saves the administrator password in plain text in > /var/lib/dtc/saved_install_config under the variable name conf_adm_pass. > It remains there even after initial configuration.
Hi, This file is owned by root, and readable by root only. Do you think this is still a security risk? What's wrong in doing this? Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
