Bug#3024: wu-ftpd and confidentiality of logs
Package: wu-ftpd
Version: 2.4-20
wu-ftpd logs login failures in /var/log/daemon.log, not in
/var/log/auth.log. Thereby, if a user types his password instead of
the user name, that information becomes accessible to any user on the
system.
Cheers,
Lukas
-------------------------------------------------------------------------------
Dr. Lukas Nellen | Email: lukas@teorica0.ifisicacu.unam.mx
Depto. de Fisica Teorica, IFUNAM |
Apdo. Postal 20-364 | Tel.: +52 5 622 5014 ext. 218
01000 Mexico D.F., MEXICO | Fax: +52 5 622 5015
Reply to: