Date: Tue, 31 Jan 2012 08:32:42 +0200
From: Nanakos Chrysostomos <nanakos@...ed-net.gr>
To: Kurt Seifried <kseifried@...hat.com>
Cc: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Jonathan Wiltshire <jmw@...ian.org>,
        Gian Piero Carrubba <gpiero@...rf.it>,
        "team@...urity.debian.org" <team@...urity.debian.org>
Subject: Re: Re: Yubiserver package ships with pre-filled identities


On 31 Jan 2012, at 4:22, Kurt Seifried <kseifried@...hat.com> wrote:

> On 01/30/2012 03:14 PM, Nanakos Chrysostomos wrote:
>
>>> Is this account documented/the impact documented?
>>>
>>
>> What do you mean?
>
> Is this issue clearly documented, e.g. do the docs say "WARNING: A
> DEFAULT ACCOUNT IS ENABLED. THIS IS NOT SAFE. IT MUST BE REMOVED PRIOR
> TO PRODUCTION USE" and so on.
>

No, it's not. In the meantime I have fixed both upstream versions
provided through my site and a new package version has been sponsored
in Debian that eliminates the problem. Is there anything else that has to be
done?

Thanks?
Chris.


> Steve: thoughts/comments?
>
> -- 
> Kurt Seifried Red Hat Security Response Team (SRT)
