[cvsnt] 2.5.01.1998: User password in CLEAR(public) form in "secure" log on Linux
Andrew Gaganov
agaganov at openwaygroup.com
Wed Jun 22 09:57:42 BST 2005
Hi!
Linux Server: 2.5.01.1998
Windows 2000 client: 2.5.01.1998
Today, I discovered that cvsnt writes users passwords to linux secure log,
if login fails.
For example (password filled '*'):
--------------
Jun 22 12:39:39 cvs cvsnt: login failure by vbaranov / ******* (for
/home/cvs/root)
Jun 22 12:43:35 cvs cvsnt: login failure by vbaranov / **** (for
/home/cvs/root)
--------------
I didn't find option to disable it.
It would be better not to show passwords in clear form, even if login fails.
-------
Andrew Gaganov
Phone : +7 (812)324-4898 # 259
E-Mail : agaganov at openwaygroup.com
More information about the cvsnt
mailing list