Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vapid Labs Security Advisory for PrimeBase Database 4.2 (update)

From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Mon, 17 May 2004 20:27:38 -0400 (EDT)

This is in response to bugtraq id 8771,9087.


---------- Forwarded message ----------
Date: Fri, 14 May 2004 07:19:18 -0700
From: Barry Leslie
To: Larry W. Cashdollar <lwc () vapid ath cx>
Subject: Re: WG: Vapid Labs Security Advisory for  PrimeBase Database 4.2

Hi,

I am not sure if you are aware or not but there is a new version of
PrimeBase available at:
http://www.Primebase.com/ftp/releases/4229/
that addresses all of the concerns that you have reported.

Thank you for reporting these things to us.

Barry


From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Wed, 29 Oct 2003 15:37:50 -0500 (EST)
To: Barry Leslie <barry.leslie () primebase com>
Subject: Re: WG: Vapid Labs Security Advisory for  PrimeBase Database 4.2


You guys should also hash the password stored in password.adm.  Storing
passwords in clear text is dangerous.  Users should also be instructed to
change the file permissions to something more restrictive.. like read only
for that user...

# chmod 400 password.adm

-- Larry
Previous By Date Next
Previous By Thread Next

Current thread: