[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: NetworkManager-openvpn logs cert
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-05-31 19:17:46
Message-ID: 1672938819.396907.1306869466564.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2011-1943 for this.
Thanks.
--
JB
----- Original Message -----
> and another one from RH bz:
> https://bugzilla.redhat.com/show_bug.cgi?id=708876
>
> Robert Marcano 2011-05-29 20:28:01 EDT
>
> Description of problem:
>
> Password to unlock certificate is logged to /var/log/messages
>
> May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret:
> destroying
> ********
>
> Version-Release number of selected component (if applicable):
>
> NetworkManager-openvpn-0.8.999-1.fc15.x86_64
>
>
> Additional info:
>
> I would love to have the option to type the password at connection
> time instead
> of it being stored, but adding the password to the system log is wrong
>
> --
> Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
> SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
> 21284 (AG Nürnberg
> --
> Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
> -- Marie von Ebner-Eschenbach
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic