Package: dbconfig-common
Version: 1.8.29+etch1
Severity: minor

While I am aware that the password "8" is just as totally random as
"Af3fS35xF", I feel that it's worryingly close to the beginning of the
search space for a brute force attack -- I will confess that I'm no
security expert, but might it be a good idea to pass the passwords
through something like cracklib to filter out the totally weak ones?

The package I noticed this in was nagios-mysql; the first install I did
created a nice, long, random-looking password. Then I scrapped the
install and redid things from scratch, resulting in:

#xsddb_host=
#xsddb_port=
xsddb_database=nagiosmysql
xsddb_username=nagios-mysql
xsddb_password=8


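The kind of filter the report asks for, written here as an added example (not code from dbconfig-common or cracklib): a shell audit of `key=value` files in the format quoted above that flags live `*_password` values that are too short or drawn from a single character class. The names `MIN_LEN`, `password_weakness` and `audit_config`, and the threshold of 12, are assumptions made for this example.

```shell
# Added example: flag weak *_password values in dbconfig-common-style key=value files.
LC_ALL=C; export LC_ALL      # make the a-z / A-Z ranges below byte-exact
MIN_LEN=${MIN_LEN:-12}       # assumed policy threshold, not a dbconfig-common default

# Print a reason and return 1 if the password is weak; return 0 otherwise.
password_weakness() {
    pw=$1
    if [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "too short (${#pw} < $MIN_LEN)"
        return 1
    fi
    classes=0
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[!0-9a-zA-Z]*) classes=$((classes + 1)) ;; esac
    if [ "$classes" -lt 2 ]; then
        echo "only one character class"
        return 1
    fi
}

# Scan FILE; print "key: reason" per weak password; return non-zero if any found.
audit_config() {
    weak=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \#*) continue ;;             # commented-out setting
            *_password=*) ;;             # a live password assignment
            *) continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        case $val in                     # strip one pair of surrounding quotes
            \'*\') val=${val#\'}; val=${val%\'} ;;
            \"*\") val=${val#\"}; val=${val%\"} ;;
        esac
        if ! reason=$(password_weakness "$val"); then
            echo "$key: $reason"
            weak=$((weak + 1))
        fi
    done < "$1"
    [ "$weak" -eq 0 ]
}

# Constructed sample: the live settings quoted in the report.
sample=$(mktemp)
printf '%s\n' 'xsddb_database=nagiosmysql' 'xsddb_username=nagios-mysql' 'xsddb_password=8' > "$sample"
audit_config "$sample" || echo "weak generated password in $sample"
rm -f "$sample"
```

A length floor applied at generation time addresses the same problem at its source; the audit above only detects values that have already been written out.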