Date: Tue, 31 May 2011 15:17:46 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: NetworkManager-openvpn logs cert password
Please use CVE-2011-1943 for this.
Thanks.
--
JB
----- Original Message -----
> and another one from RH bz:
> https://bugzilla.redhat.com/show_bug.cgi?id=708876
>
> Robert Marcano 2011-05-29 20:28:01 EDT
>
> Description of problem:
>
> Password to unlock certificate is logged to /var/log/messages
>
> May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret: destroying ********
>
> Version-Release number of selected component (if applicable):
>
> NetworkManager-openvpn-0.8.999-1.fc15.x86_64
>
>
> Additional info:
>
> I would love to have the option to type the password at connection time
> instead of it being stored, but adding the password to the system log is wrong
>
> --
> Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
> SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg
> --
> Whoever stops wanting to become better stops being good.
> -- Marie von Ebner-Eschenbach
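
The log line quoted in the report is enough to locate affected entries. As an added example (not part of this thread or of NetworkManager), the script below counts and redacts such lines in plain-text logs; it assumes everything after `destroy_one_secret: destroying ` on a line is the secret, and `sample_log` holds constructed lines.

```shell
#!/bin/sh
# Added example (not from the thread): find and redact passwords that
# destroy_one_secret wrote to syslog. Assumption: as in the quoted log line,
# everything after "destroy_one_secret: destroying " is the secret.

PATTERN='destroy_one_secret: destroying '
MARK='[REDACTED]'

# Constructed sample lines, for trying the functions without a real log.
sample_log() {
    cat <<'EOF'
May 29 19:46:41 localhost NetworkManager[4791]: <info> Starting VPN service
May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret: destroying constructed-pass 1
May 29 19:46:43 localhost NetworkManager[4791]: destroy_one_secret: destroying [REDACTED]
EOF
}

# count_leaks FILE: print how many lines still carry an unredacted secret.
count_leaks() {
    grep -- "$PATTERN" "$1" 2>/dev/null | grep -vcF -- "${PATTERN}${MARK}" || true
}

# redact_stream: copy stdin to stdout with the secret replaced by MARK.
redact_stream() {
    sed "s/\(${PATTERN}\).*/\1${MARK}/"
}

# scrub_file FILE: redact FILE in place and print the number of lines fixed.
# Writing back with cat keeps the file's inode, owner and mode.
scrub_file() {
    n=$(count_leaks "$1")
    if [ "$n" -gt 0 ]; then
        tmp=$(mktemp) || return 1
        redact_stream < "$1" > "$tmp" && cat "$tmp" > "$1"
        rm -f "$tmp"
    fi
    echo "$n"
}

# Usage: sh scrub.sh /var/log/messages [more plain-text logs...]
for f in "$@"; do
    printf '%s: %s line(s) redacted\n' "$f" "$(scrub_file "$f")"
done
```

Compressed rotated logs have to be decompressed before scrubbing. Redaction does not help against anyone who already read the log, so the certificate password still needs to be changed.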