[Secure-testing-team] Bug#637537: src:dtc: calls htpasswd with password passed as argument
Ansgar Burchardt
ansgar at debian.org
Fri Aug 12 12:31:19 UTC 2011
Package: src:dtc
Version: 0.32.5-1
Severity: grave
Tags: upstream security
Justification: user security hole

dtc passes passwords to htpasswd using command line arguments. To quote
htpasswd(1):

    This option should be used with extreme care, since the password is
    clearly visible on the command line.

Regards,
Ansgar
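
The exposure described in the report, shown as an added example that is not part of the original message or of dtc's code: a child process started with the password in its argument list (htpasswd's `-b` batch form) is compared with one that receives the password on stdin (htpasswd's `-i` form). Assumptions: Linux with `/proc`, a stand-in child process in place of the real htpasswd binary, and a constructed password, file path and user name.

```python
import subprocess
import sys
from pathlib import Path

# Stand-in for the htpasswd binary (assumption: Apache tools may not be
# installed). It ignores its arguments and blocks on stdin, so it stays
# alive long enough for its command line to be inspected.
STAND_IN = [sys.executable, "-c", "import sys; sys.stdin.read()"]

PASSWORD = "constructed-sample-pw"      # constructed value
HTFILE = "/tmp/example.htpasswd"        # hypothetical path, never written
USER = "alice"                          # hypothetical user


def visible_argv(pid):
    """Return a process's argv as local users can read it on Linux by default."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def run_and_inspect(args, stdin_data=b""):
    """Start the stand-in with args, feed stdin_data, return its visible argv."""
    with subprocess.Popen(STAND_IN + args, stdin=subprocess.PIPE) as proc:
        try:
            proc.stdin.write(stdin_data)
            proc.stdin.flush()
            return visible_argv(proc.pid)
        finally:
            proc.kill()


def password_in_argv(argv, password=PASSWORD):
    return any(password in arg for arg in argv)


def demo():
    # Reported pattern: htpasswd -b FILE USER PASSWORD
    batch = run_and_inspect(["-b", HTFILE, USER, PASSWORD])
    # Safer form: htpasswd -i FILE USER, with the password sent on stdin
    piped = run_and_inspect(["-i", HTFILE, USER], PASSWORD.encode() + b"\n")
    return password_in_argv(batch), password_in_argv(piped)


if __name__ == "__main__":
    exposed_batch, exposed_piped = demo()
    print("password visible with -b (argv): ", exposed_batch)
    print("password visible with -i (stdin):", exposed_piped)
```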