This should be fixed in the latest version. See https://bugs.debian.org/741678.
On 01.02.2015 03:09, John Goerzen wrote: > Hello, > > A friend of mine pointed out to me recently that the Debian Live CD has > ssh open to the network by default, and the "user" account -- which has > passwordless sudo to root privileges -- has a password that is > well-known and easily found via Google. This poses some nasty surprises > for people that might be using it to repair systems on their LAN, and > even worse surprises for people that might install the Live CD image to > their system. > > I have seen a few mentions of this online, but it doesn't seem that > people are thinking of it as a security risk. What is the best way to > get this fixed? > > Thanks! > > -- John > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
