Date: Tue, 17 Jan 2012 09:51:05 +0100 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Subject: gpw password generator giving short password at low rate Hi list, we were pointed at a bug in gpw (a password generator), which makes it generate shorter password than required at a rate of ~20 over 1 million. The bug is at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651510 (so already public) and I'm wondering if that deserves a CVE: * gpw seems unmaintained (upstream and in Debian since around 2006) * I'm not sure people even use it * people using it interactively will notice the password has the wrong size But as it may be used in a script, then it might still be a real issue. What do people think? Regards, -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ