
Bug#659047: RFS: rpg - Readable Password Generator



On Wed, Apr 04, 2012 at 01:39:07PM +0300, Timo Juhani Lindfors wrote:

> I think rpg is very insecure since all local users of the system can see
> the passwords that you generate. All they need to do is to look for the
> "grep" commands that appear in the process list.

First of all, in most cases it is used on a workstation where there are no
other live users than you (or a hacker who has breached your system). Second,
it is used sporadically and rarely. To catch those passwords you need to
continuously watch and analyze the process list for a long time. It is
less likely for such a scenario to be used. There is some chance of this
hole being used on servers where passwords are generated automatically and
very often.

Nevertheless, to keep to strict security basics, I agree - it should be
fixed in some way.

--

***************************
##  Vladimir Stavrinov
##  vstavrinov@gmail.com
***************************
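
Added example, not part of the original message and not rpg's own code: a check for the exposure discussed in this thread, comparing a string passed to grep as a pattern argument with the same string passed through a pattern file in a private directory. How rpg actually invokes grep is not shown on this page, so the grep command lines, the function names and the sample value are assumptions; the script needs a Linux /proc.

```shell
#!/bin/sh
# Added demo (Linux, needs /proc): is a string handed to grep visible in
# grep's command line, which any local user can read via ps or /proc?

# Print the argv of process $1 on one line.
argv_of() { tr '\000' ' ' 2>/dev/null <"/proc/$1/cmdline"; }

# visible_in_argv MODE SECRET   (hypothetical helper for this demo)
#   MODE=argv : secret passed as a pattern argument (the leaky form)
#   MODE=file : secret written to a file in a 0700 directory, read via -f
# Returns 0 if SECRET shows up in grep's argv, 1 if not, 2 on error.
visible_in_argv() {
    mode=$1 secret=$2 seen='' i=0
    dir=$(mktemp -d) || return 2        # mktemp -d creates it mode 0700
    mkfifo "$dir/hold" || return 2      # keeps grep alive while we look
    case $mode in
        argv) grep -c -e "$secret" <"$dir/hold" >/dev/null & ;;
        file) # printf is a shell builtin, so the secret is in no argv
              printf '%s\n' "$secret" >"$dir/pat"
              grep -c -f "$dir/pat" <"$dir/hold" >/dev/null & ;;
        *)    rm -rf "$dir"; return 2 ;;
    esac
    pid=$!
    exec 9>"$dir/hold"                  # open write end; child can exec grep
    while [ "$i" -lt 500 ]; do          # wait until the child has exec'd
        seen=$(argv_of "$pid")
        case $seen in grep*) break ;; esac
        i=$((i + 1))
    done
    exec 9>&-                           # EOF on stdin, grep exits
    wait "$pid" || true
    rm -rf "$dir"
    case $seen in
        grep*"$secret"*) return 0 ;;
        grep*)           return 1 ;;
        *)               return 2 ;;
    esac
}

candidate='Tor7-velm-Quab'              # constructed sample value
for m in argv file; do
    if visible_in_argv "$m" "$candidate"; then r=visible; else r=hidden; fi
    echo "$m: candidate is $r in the process list"
done
```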



