[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#711251: root+KDC password in clear in /var/cache/debconf/

found 711251 1.455

I just did a main-server installation using
<URL: ftp.skolelinux.org::cd-squeeze-amd64-i386-netinst/debian-edu-amd64-i386-NETINST-1.iso >,
and looked for the root and first user password in /var/cache/debconf/

  grep -rl password /var/cache/deconf/

and I am sad to report that the passwords showed in both templates.dat
and templates.dat-old.

The same is not the case with my home server, which is also a Debian Edu
Squeeze server.  No idea what is different, but the problem seem to
exist in Squeeze too. :(

Happy hacking
Petter Reinholdtsen

Reply to: