Bug#904200: RM: acccheck -- ROM; Insecure, unmaintained, better alternatives
Package: ftp.debian.org
Severity: normal
Please remove the acccheck package. It is affected by multiple security
vulnerabilities that are unlikely to be fixed by upstream as this was a
script written and shared a long time ago, upstream is not actively
maintaining it.
The feature set of this package is also redundant with other better tools:
metasploit, hydra, medusa, ncrack and patator
FWIW the package has been dropped from Debian Testing due to #901572
and Kali followed suite, it has been dropped from their meta-package too.
Thank you in advance.
PS: I first tried to patch the security vulnerability but when I looked at
the code more closely, it's literaly riddled with shell injection
vulnerabilities and it would be time-consuming to fix them all.
PS: I'm requesting this as a member of the pkg-security packaging team
even though I'm not listed in Uploaders of the package. I have put Marcos
Fouces in copy of the bug.
Reply to: