Re: Fwd: Password leaks are security holes

2008-08-28 Thread Johan Walles
2008/8/28 Giacomo A. Catenazzi <[EMAIL PROTECTED]>: > Johan Walles wrote: >> Security shouldn't be based on nobody ever doing more or less common >> mistakes. > > auth.log was invented for this reason, and separated to standard log: > it should be readable on

Fwd: Password leaks are security holes

2008-08-28 Thread Johan Walles
]> Date: 2008/8/27 Subject: Re: Password leaks are security holes To: Johan Walles <[EMAIL PROTECTED]> Kopia: [EMAIL PROTECTED], [EMAIL PROTECTED] Hi Johan, * Johan Walles <[EMAIL PROTECTED]> [2008-08-27 22:26]: > severity 311772 critical > tag 311772 + security > thanks >

Password leaks are security holes

2008-08-27 Thread Johan Walles
severity 311772 critical tag 311772 + security thanks When users' clear text passwords are logged, that's a security hole. Setting severity to critical since this bug "introduces a security hole on systems where you install the package". Quote is from the definition of the critical severity at h