Bug#3024: wu-ftpd and confidentiality of logs

To: debian-bugs@pixar.com
Cc: lukas@teorica0.ifisicacu.unam.mx
Subject: Bug#3024: wu-ftpd and confidentiality of logs
From: Lukas Nellen <lukas@teorica0.ifisicacu.unam.mx>
Date: Thu, 16 May 1996 12:39:11 -0500
Message-id: <[🔎] 199605161739.MAA32399@snork.ifisicacu.unam.mx>
Reply-to: Lukas Nellen <lukas@teorica0.ifisicacu.unam.mx>, debian-bugs@pixar.com

Package: wu-ftpd
Version: 2.4-20

wu-ftpd logs login failures in /var/log/daemon.log, not in
/var/log/auth.log. Thereby, if a user types his password instead of
the user name, that information becomes accessible to any user on the
system.

		Cheers,
			Lukas
-------------------------------------------------------------------------------
   Dr. Lukas Nellen                 | Email: lukas@teorica0.ifisicacu.unam.mx
   Depto. de Fisica Teorica, IFUNAM |
   Apdo. Postal 20-364              | Tel.:  +52 5 622 5014 ext. 218
   01000 Mexico D.F., MEXICO        | Fax:   +52 5 622 5015

Reply to:

Prev by Date: Bug#2960: etc/cron.weekly/syslogd is not a conffile as it ought to be
Next by Date: Bug#3016: guile-0.4.0-3: /usr/include/guile installed without execute permission
Previous by thread: kernel-package-0.6 to be uploaded to master (soon as I can connect)
Next by thread: Bug#3025: wu-ftp postinst doesn't flush stdout
Index(es):
- Date
- Thread