severity 638955 normal tags 638955 -security thanks Hi Kim,
On Tue, August 23, 2011 12:11, Kim Rostgaard Christensen wrote: > /etc/proftpd/ldap.conf contains passwords and should therefore not be > world readable per default. > > I think the same applies to other vuser backends Thanks for your report. The file does not contain such passwords by default: the administrator has to edit the file and put an LDAP admin password in there. We can expect system administrators to check the permissions of files they put the LDAP admin passwords into, so I don't think this is a grave security issue. It would be good as a proactive security mesure to change the permissions on that file to prevent mistakes, but the current situation is not really a vulnerability. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org