[Pkg-shinken-maint] Bug#780645: shinken-mod-webui: files containing password or salt are world readable

Jonas Smedegaard dr at jones.dk
Tue Mar 17 11:08:25 UTC 2015


Package: shinken-mod-webui
Version: 1.0-1
Severity: grave
Tags: security
Justification: user security hole

The two files referenced in README containing users+passwords and salt
are world readable.

Any local user can apparently gain administrator access to shinken!


 - Jonas



