Date: Mon, 30 Jan 2012 19:22:57 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Nanakos Chrysostomos <nanakos@...ed-net.gr>, Jonathan Wiltshire <jmw@...ian.org>, Gian Piero Carrubba <gpiero@...rf.it>, "team@...urity.debian.org" <team@...urity.debian.org> Subject: Re: Re: Yubiserver package ships with pre-filled identities On 01/30/2012 03:14 PM, Nanakos Chrysostomos wrote: >> Is this account documented/the impact documented? >> > > What do you mean? Is this issue clearly documented, e.g. do the docs say "WARNING: A DEFAULT ACCOUNT IS ENABLED. THIS IS NOT SAFE. IT MUST BE REMOVED PRIOR TO PRODUCTION USE" and so on. Steve: thoughts/comments? -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ