[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#711251: root+KDC password in clear in /var/cache/debconf/

package: debian-edu-config
severity: serious
x-debbugs-cc: debian-edu@lists.debian.org
version: 1.704


On Mittwoch, 5. Juni 2013, Wolfgang Schweer wrote:
> > > Don't know if it was the case before, but now the root password entered
> > > during installation is visible in /var/cache/debconf/templates.dat and
> > > /var/cache/debconf/templates.dat-old (as KDC and LDAP passwords).
> > That is very strange.  The values are supposed to be wiped out at the
> > end of the installation, and their type 'password' which is handled
> > specially by debconf and not stored in the "public" database.
> /var/cache/debconf/passwords.dat is clean, but templates.dat and
> templates.dat-old contain both: first-user-password and root pw (as KDC
> and LDAP pw.

Filing as serious bug, so we dont forget.


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: