Package: xsupplicant Version: 1.0.1-4 Severity: grave Tags: security Justification: user security hole
When xsupplicant is started on boot, my wireless card is not "up". In that situation, xsupplicant happily dumps configuration settings, including username/password settings, to /var/log/xsupplicant.log. For the same reason it is probably not a good idea that the default /etc/xsupplicant/xsupplicant.conf is created world-readable. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-16.0505-1 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages xsupplicant depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libssl0.9.7 0.9.7e-3 SSL shared libraries -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
