Bug#566654: dtc-core: saves administrator password in plain text

2011-09-19 Thread Thomas Goirand
On 09/19/2011 04:25 PM, Ansgar Burchardt wrote: > reopen 566654 > found 566654 0.34.1-1 > thanks > >* New upstream version with lots of security fixes: > - Passwords are now hashed (Closes: #566654). > > Aren't that the passwords in the database (which is a different bug)? > > Regards,

Bug#566654: dtc-core: saves administrator password in plain text

2011-09-19 Thread Ansgar Burchardt
reopen 566654 found 566654 0.34.1-1 thanks * New upstream version with lots of security fixes: - Passwords are now hashed (Closes: #566654). Aren't that the passwords in the database (which is a different bug)? Regards, Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@list

Bug#566654: dtc-core: saves administrator password in plain text

2010-02-11 Thread Ansgar Burchardt
Hi, Thomas Goirand writes: > Ansgar Burchardt wrote: >> Yes, it still is a security risk. It escalates any security problem >> where the attacker can (only) read arbitrary files into one where the >> attacker has administrative access to dtc. (cf. /etc/shadow which does >> not store passwords

Bug#566654: dtc-core: saves administrator password in plain text

2010-01-26 Thread Thomas Goirand
Ansgar Burchardt wrote: > Yes, it still is a security risk. It escalates any security problem > where the attacker can (only) read arbitrary files into one where the > attacker has administrative access to dtc. (cf. /etc/shadow which does > not store passwords in a form that allows to easily retr

Bug#566654: dtc-core: saves administrator password in plain text

2010-01-25 Thread Ansgar Burchardt
Hi, Thomas Goirand writes: >> dtc saves the administrator password in plain text in >> /var/lib/dtc/saved_install_config under the variable name conf_adm_pass. >> It remains there even after initial configuration. > > This file is owned by root, and readable by root only. Do you think this > is s

Bug#566654: dtc-core: saves administrator password in plain text

2010-01-24 Thread Thomas Goirand
Ansgar Burchardt wrote: > Package: dtc-core > Version: 0.30.10-1 > Severity: important > Tags: security > > Hi, > > dtc saves the administrator password in plain text in > /var/lib/dtc/saved_install_config under the variable name conf_adm_pass. > It remains there even after initial configuration.

Bug#566654: dtc-core: saves administrator password in plain text

2010-01-24 Thread Ansgar Burchardt
Package: dtc-core Version: 0.30.10-1 Severity: important Tags: security Hi, dtc saves the administrator password in plain text in /var/lib/dtc/saved_install_config under the variable name conf_adm_pass. It remains there even after initial configuration. Regards, Ansgar -- To UNSUBSCRIBE, ema