Package: shinken-mod-webui Version: 1.0-1 Severity: grave Tags: security Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The two files referenced in README containing users+passwords and salt are world readable. Any local user can apparently gain administrator access to shinken! - Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVCAslAAoJECx8MUbBoAEhlxAP/2bvzmTfk9ZbXrlVO/9jLS98 FAQeiDK81tBmUz1ey4ZsheaSaBnysB31M8SFgNNfAa27mfQLZ2EtmPkbsaqiTcy2 SXy2k4LtTE7ccIJs5cPFdvVlwjAX/ZRVDBkaIMxt4qfpoD3BoK7kiANrO/qoVojx l03M+gyMy1lJZJXCz5rcpRnUMA7tRHOg0FjkGdff3XlQpzm/RV3SM8BzdUFOBoW0 nCo7spLbT5A83kLajv+0DXJfuAibW9ViFmY64y2hd9xew3ZK3AE+utKu2p4pBW98 9Elqa2vQ9NZzXZ8SkAsp/eeVs6SaK2XzwMyQosuIvtlmQYdh9uOC/sgy1KztoZ3g vez1NzRKSVdsx35O5L5hlZTAij6rs5wl41BOBlf5/27AoSWa9vqvT5ko+Vy4Unnv GvRAVobHjTBPeaS6Y12Njzzltr45Xl5nslY7GuoBDi9Ck//2I8vN3KZmqI/M/huV dKBoESDyRlxeannsV3YHxBDlXs9wBmtji/86acQ16gGUMj6cnRSfcmg1uCQKGLOc iIZJUlD2txPrGCnZR/WUN35oTN5Hk51SLeL/5lsiuqU5kIjzt41ebJngyt5vOfYC SSTut3aub74QJxWBPAtQvPAjXM7FHea4Fu1+CLasM8pGWG8Xyv+OYT32Ut9sPEjI x7T1b6PDquLhukInM08s =K7qm -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
