Date: Tue, 16 Nov 2010 17:22:36 +0100
From: Martin Drescher <drescher@...fu.de>
To: oss-security@...ts.openwall.com
Subject: Clear text password in process list when using MySQL GUI tools

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi ML.

If you use some MySQL GUI tool like mysql-admin or mysql-query-browser
in most (any?) Linux distributions and then open 'Tools -> MySQL Text
Console', your password, user name and host will become exposed in the
process list.

I think this issue must have existed for a long time in many
distributions now, but nobody ever cared about it.

For Debian users:
Packages mysql-query-browser, mysql-admin are affected.


So far, Martin

 GnuPG Key Fingerprint, KeyID '4FBE451A':
 '2237 1E95 8E50 E825 9FE8  AEE1 6FF4 1E34 4FBE 451A'


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzir8gACgkQb/QeNE++RRqfIQCfaLDToS6pAfuj4/XgkYSKnBh0
nu8An3JJAp2nZWcOODOXX2KGs07ouATd
=/nj6
-----END PGP SIGNATURE-----
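
The exposure reported in the message above can be audited on a Linux host by reading process command lines. This is an added example, not part of the original post and not code from the MySQL GUI tools; it assumes the text console starts the `mysql` client with credentials as command-line arguments (`-u`, `-h`, `-p<password>` or their long forms), possibly through a terminal wrapper, and `SAMPLE` is constructed input.

```python
import os

def parse_cmdline(raw):
    """Split /proc/<pid>/cmdline (NUL-separated argv), then on whitespace."""
    args = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
    return [tok for a in args for tok in a.split()]  # handles 'cmd as one string'

def exposed_credentials(tokens):
    """Return user/host shown beside a mysql password argument, else None."""
    for i, tok in enumerate(tokens):
        if os.path.basename(tok) != "mysql" or os.path.isdir(tok):
            continue  # not a client invocation (e.g. a data directory path)
        found, rest = {}, tokens[i + 1:]
        for j, arg in enumerate(rest):
            nxt = rest[j + 1] if j + 1 < len(rest) else ""
            for short, long_ in (("-u", "--user"), ("-h", "--host")):
                if arg.startswith(long_ + "="):
                    found[long_[2:]] = arg.split("=", 1)[1]
                elif arg in (short, long_):
                    found[long_[2:]] = nxt
                elif arg.startswith(short):
                    found[long_[2:]] = arg[2:]
            pw = ""
            if arg.startswith("--password="):
                pw = arg.split("=", 1)[1]
            elif arg.startswith("-p"):
                pw = arg[2:]
            if pw:  # a bare -p prompts instead, so nothing is exposed
                found["password"] = "<redacted>"  # never echo the value
        if "password" in found:
            return found
    return None

def scan_proc(proc="/proc"):
    """Yield (pid, finding) for each readable process under /proc (Linux)."""
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                hit = exposed_credentials(parse_cmdline(fh.read()))
        except OSError:
            continue  # process exited or access denied
        if hit:
            yield int(pid), hit

# Constructed sample argv (not taken from the post): terminal wrapper + client.
SAMPLE = b"xterm\0-e\0mysql\0-uroot\0-pS3cret\0-hdb.example.test\0"

if __name__ == "__main__":
    for pid, hit in scan_proc():
        print(pid, hit)
```

On a default Linux `/proc` mount any local user can read other processes' command lines, which is what makes arguments like these visible; a bare `-p` (interactive prompt) or an option file readable only by its owner keeps the password out of argv.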
