Package: mnogosearch-common Version: 3.2.31-1 Severity: critical Tags: security
The Debian configuration tool (debconf) asks for the database administrator password when configuring mnogosearch, and then stores the password in clear text in the world-readable file /var/cache/debconf/config.dat under the key mnogosearch-common/database_admin_pass instead of using the restricted access file /var/cache/debconf/passwords.dat Regards, Andrew -- mailto:[EMAIL PROTECTED] Andrew Pam http://www.xanadu.com.au/ Chief Scientist, Xanadu http://www.glasswings.com.au/ Partner, Glass Wings http://www.sericyb.com.au/ Manager, Serious Cybernetics -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]