Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jan 2012 19:22:57 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nanakos Chrysostomos <nanakos@...ed-net.gr>,
        Jonathan Wiltshire <jmw@...ian.org>,
        Gian Piero Carrubba <gpiero@...rf.it>,
        "team@...urity.debian.org" <team@...urity.debian.org>
Subject: Re: Re: Yubiserver package ships with pre-filled identities

On 01/30/2012 03:14 PM, Nanakos Chrysostomos wrote:

>> Is this account documented/the impact documented?
>>
> 
> What do you mean?

Is this issue clearly documented, e.g. do the docs say "WARNING: A
DEFAULT ACCOUNT IS ENABLED. THIS IS NOT SAFE. IT MUST BE REMOVED PRIOR
TO PRODUCTION USE" and so on.

Steve: thoughts/comments?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ