'Re: [oss-security] CVE request: NetworkManager-openvpn logs cert'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: NetworkManager-openvpn logs cert
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-05-31 19:17:46
Message-ID: 1672938819.396907.1306869466564.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2011-1943 for this.

Thanks.

-- 
    JB

----- Original Message -----
> and another one from RH bz:
> https://bugzilla.redhat.com/show_bug.cgi?id=708876
> 
> Robert Marcano 2011-05-29 20:28:01 EDT
> 
> Description of problem:
> 
> Password to unlock certificate is logged to /var/log/messages
> 
> May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret:
> destroying
> ********
> 
> Version-Release number of selected component (if applicable):
> 
> NetworkManager-openvpn-0.8.999-1.fc15.x86_64
> 
> 
> Additional info:
> 
> I would love to have the option to type the password at connection
> time instead
> of it being stored, but adding the password to the system log is wrong
> 
> --
> Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
> SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
> 21284 (AG Nürnberg
> --
> Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
> -- Marie von Ebner-Eschenbach

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic