Hello
I am agree with this. Some days ago -when this bugs were published- I
contacted upstream but i get no answer.
Greetings,
Marcos
On 21/07/18 15:02, Raphaël Hertzog wrote:
> Package: ftp.debian.org
> Severity: normal
>
> Please remove the acccheck package. It is affected by multiple security
> vulnerabilities that are unlikely to be fixed by upstream as this was a
> script written and shared a long time ago, upstream is not actively
> maintaining it.
>
> The feature set of this package is also redundant with other better tools:
> metasploit, hydra, medusa, ncrack and patator
>
> FWIW the package has been dropped from Debian Testing due to #901572
> and Kali followed suite, it has been dropped from their meta-package too.
>
> Thank you in advance.
>
> PS: I first tried to patch the security vulnerability but when I looked at
> the code more closely, it's literaly riddled with shell injection
> vulnerabilities and it would be time-consuming to fix them all.
>
> PS: I'm requesting this as a member of the pkg-security packaging team
> even though I'm not listed in Uploaders of the package. I have put Marcos
> Fouces in copy of the bug.
>
