oss-sec mailing list archives
Re: lxc-sshd security issues?
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 17 Mar 2009 16:02:44 -0400 (EDT)
On Thu, 5 Mar 2009, Michael K. Johnson wrote:
I finally got the right contact info upstream, and we're talking about this, so expect it to not be a problem in future releases. For the record, it's dummy auth data, but still could be seen as a backdoor, and will probably be changed to user-configured value.
By "dummy auth data," do you mean that it's replaced with real/unique passwords/keys before the system becomes operational? Or do these pre-packaged values work unless the admin RTFM? (If the latter, then it needs a CVE; if the former, then there doesn't seem to be a vuln because there's no impact on authentication). - Steve
Current thread:
- lxc-sshd security issues? Michael K. Johnson (Mar 04)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 05)
- Re: lxc-sshd security issues? Steven M. Christey (Mar 17)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 18)
- Re: lxc-sshd security issues? Steven M. Christey (Mar 17)
- Re: lxc-sshd security issues? Michael K. Johnson (Mar 05)