This does seem like a needless security weak point.
For folks who don't live and breath MySQL (like me), here is a procedure
to change the database password:
(in a root shell)
# invoke-rc.d zoneminder stop
# rights='lock tables, alter, select, insert, update, delete'
# zmpass=$
Package: zoneminder
Version: 1.24.4-1
Severity: minor
Tags: security
The debian package creates a database for zoneminder accessible by
anyone with ssh/console access to the machine (or, well, by anyone
that can use the server as vpn / tunnel endpoint), given that user
and pass is always zmuser an
2 matches
Mail list logo
