oss-sec mailing list archives
Re: Clear text password in process list when using MySQL GUI tools
From: Moritz Muehlenhoff <jmm () inutil org>
Date: Wed, 17 Nov 2010 21:06:44 +0100
On Wed, Nov 17, 2010 at 08:38:06AM -0500, Josh Bressers wrote:
Steve, What are the thoughts of MITRE on this one? This affects all sorts of stuff, and I don't upstream removing the command line option (which is probably the only fix).
I didn't look into this specific issue since both mysql-query-browser
and mysql-admin have been removed and are no longer supported in Debian,
but there have been cases in the past, where leaking sensitive information
in the process list was assigned a CVE ID, e.g. CVE-2004-1948 for
ncftp.
Cheers,
Moritz
Current thread:
- Clear text password in process list when using MySQL GUI tools Martin Drescher (Nov 16)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Moritz Muehlenhoff (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Steven M. Christey (Nov 17)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 18)
- Re: Clear text password in process list when using MySQL GUI tools Josh Bressers (Nov 17)