http://qa.mandrakesoft.com/show_bug.cgi?id=6148
Product: drakxtools
Component: drakxtools
Summary: drakclub security breach - prints root passowrd to
console
Product: drakxtools
Version: 9.1-15mdk
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: drakxtools
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
When drakclub is run from the command line, it prints the machine root password
in the console after it is entered in the gui with *. Here is the output of my
console. (Don't worry, I changed the characters of the password.)
********************************************
$ drakclub
##
6 ##
Password: hgj6873f
added medium club.comm_i586_9.2
********************************************
I believe that the password should not be output to the console, this is a
security breach.
--
Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
