Great news, thanks! On 01/31/2015 07:01 PM, Evgeny Kapun wrote: > This should be fixed in the latest version. See > https://bugs.debian.org/741678. > > On 01.02.2015 03:09, John Goerzen wrote: >> Hello, >> >> A friend of mine pointed out to me recently that the Debian Live CD has >> ssh open to the network by default, and the "user" account -- which has >> passwordless sudo to root privileges -- has a password that is >> well-known and easily found via Google. This poses some nasty surprises >> for people that might be using it to repair systems on their LAN, and >> even worse surprises for people that might install the Live CD image to >> their system. >> >> I have seen a few mentions of this online, but it doesn't seem that >> people are thinking of it as a security risk. What is the best way to >> get this fixed? >> >> Thanks! >> >> -- John >> >> >
-- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54ce1385.40...@complete.org