On Tue, 18 Sep 2012 09:21:11 -0500, Elardus Engelbrecht wrote: >Ed Gould wrote: > >>1. I have seen passwords on the syslog. > >Can you show any example(s) of such messages? Of course you can mask out the >passwords before posting. ;-) >Was that by design [1] or by operator error? Was that a verbatim copy of some >command? > It's easy for a user to tab to the wrong field and inadvertently type a password in the user ID field. The user may correct the error and continue, not realizing that the password may now appear in SYSLOG.
Mistake? Sure. Process violation? Sure. Security exposure nonetheless. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
