Date: Tue, 16 Nov 2010 17:22:36 +0100 From: Martin Drescher <drescher@...fu.de> To: oss-security@...ts.openwall.com Subject: Clear text password in process list when using MySQL GUI tools -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi ML. If you use some MySQL-GUI-tool in most (any?) linux distribution like mysql-admin or mysql-query-browser and then open 'Tools -> MySQL Text Console' your password, user name and host will become exposed in the process list. I think this issue must exists over a long time in many distributions now but nobody ever cared about. For Debian users: Packages mysql-query-browser, mysql-admin are affected. So far, Martin GnuPG Key Fingerprint, KeyID '4FBE451A': '2237 1E95 8E50 E825 9FE8 AEE1 6FF4 1E34 4FBE 451A' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzir8gACgkQb/QeNE++RRqfIQCfaLDToS6pAfuj4/XgkYSKnBh0 nu8An3JJAp2nZWcOODOXX2KGs07ouATd =/nj6 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ