thr3ads.net - Secure testing team - [Secure-testing-team] Bug#637537: src:dtc: calls htpasswd with password passed as argument [Aug 2011]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Ansgar Burchardt

2011-Aug-12 12:31 UTC

[Secure-testing-team] Bug#637537: src:dtc: calls htpasswd with password passed as argument

Package: src:dtc
Version: 0.32.5-1
Severity: grave
Tags: upstream security
Justification: user security hole

dtc passes passwords to htpasswd using command line arguments. To quote
htpasswd(1):

  This option should be used with extreme care, since the password is
  clearly visible on the command line.

Regards,
Ansgar

Secure testing team - Aug 2011 - Bug#637537: src:dtc: calls htpasswd with password passed as argument

[Secure-testing-team] Bug#637537: src:dtc: calls htpasswd with password passed as argument