Bug#711251: root+KDC password in clear in /var/cache/debconf/

To: 711251@bugs.debian.org
Subject: Bug#711251: root+KDC password in clear in /var/cache/debconf/
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sun, 09 Jun 2013 19:18:24 +0200
Message-id: <[🔎] 2fla9mzmcdb.fsf@diskless.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 711251@bugs.debian.org
In-reply-to: <[🔎] handler.711251.D711251.137079565619949.ackdone@bugs.debian.org>
References: <E1UliZI-0002D6-OD@franck.debian.org> <[🔎] 201306052335.27284.holger@layer-acht.org> <[🔎] handler.711251.D711251.137079565619949.ackdone@bugs.debian.org>

found 711251 1.455
thanks

I just did a main-server installation using
<URL: ftp.skolelinux.org::cd-squeeze-amd64-i386-netinst/debian-edu-amd64-i386-NETINST-1.iso >,
and looked for the root and first user password in /var/cache/debconf/
using

  grep -rl password /var/cache/deconf/

and I am sad to report that the passwords showed in both templates.dat
and templates.dat-old.

The same is not the case with my home server, which is also a Debian Edu
Squeeze server.  No idea what is different, but the problem seem to
exist in Squeeze too. :(

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Processed: Re: Bug#711251: root+KDC password in clear in /var/cache/debconf/
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#711251: root+KDC password in clear in /var/cache/debconf/
  - From: Holger Levsen <holger@layer-acht.org>
- Bug#711251: marked as done (root+KDC password in clear in /var/cache/debconf/)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processing of debian-edu_1.709_amd64.changes
Next by Date: Processed: Re: Bug#711251: root+KDC password in clear in /var/cache/debconf/
Previous by thread: Bug#711251: marked as done (root+KDC password in clear in /var/cache/debconf/)
Next by thread: Processed: Re: Bug#711251: root+KDC password in clear in /var/cache/debconf/
Index(es):
- Date
- Thread