Hello, A friend of mine pointed out to me recently that the Debian Live CD has ssh open to the network by default, and the "user" account -- which has passwordless sudo to root privileges -- has a password that is well-known and easily found via Google. This poses some nasty surprises for people that might be using it to repair systems on their LAN, and even worse surprises for people that might install the Live CD image to their system.
I have seen a few mentions of this online, but it doesn't seem that people are thinking of it as a security risk. What is the best way to get this fixed? Thanks! -- John -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
