oss-sec mailing list archives
CVE request: NetworkManager-openvpn logs cert password
From: Thomas Biege <thomas () suse de>
Date: Tue, 31 May 2011 15:25:14 +0200
and another one from RH bz: https://bugzilla.redhat.com/show_bug.cgi?id=708876 Robert Marcano 2011-05-29 20:28:01 EDT Description of problem: Password to unlock certificate is logged to /var/log/messages May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret: destroying ******** Version-Release number of selected component (if applicable): NetworkManager-openvpn-0.8.999-1.fc15.x86_64 Additional info: I would love to have the option to type the password at connection time instead of it being stored, but adding the password to the system log is wrong -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Current thread:
- CVE request: NetworkManager-openvpn logs cert password Thomas Biege (May 31)
- Re: CVE request: NetworkManager-openvpn logs cert password Josh Bressers (May 31)