oss-sec mailing list archives
Re: Re: Yubiserver package ships with pre-filled identities
From: Nanakos Chrysostomos <nanakos () wired-net gr>
Date: Tue, 31 Jan 2012 08:32:42 +0200
On 31 Ιαν 2012, at 4:22, Kurt Seifried <kseifried () redhat com> wrote:
On 01/30/2012 03:14 PM, Nanakos Chrysostomos wrote:Is this account documented/the impact documented?What do you mean?Is this issue clearly documented, e.g. do the docs say "WARNING: A DEFAULT ACCOUNT IS ENABLED. THIS IS NOT SAFE. IT MUST BE REMOVED PRIOR TO PRODUCTION USE" and so on.
No it's not. In the meantime I have fixed both upstream versions provided through my site and a new package version has been sponsored in Debian that eliminates the problem. Is anything else that has to be done?
Thanks? Chris.
Steve: thoughts/comments? -- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- Re: Yubiserver package ships with pre-filled identities Jonathan Wiltshire (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Gian Piero Carrubba (Jan 30)
- Re: Re: Yubiserver package ships with pre-filled identities Steven M. Christey (Jan 31)