 HylaFAX The world's
most advanced open source fax server
|
[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]
[hylafax-users] password disclosure
- To: hylafax-users@xxxxxxxxxxx
- Subject: [hylafax-users] password disclosure
- From: Willy Offermans <Willy@xxxxxxxxxxxxxxxxxxx>
- Reply-to: Willy@xxxxxxxxxxxxxxxxxxx
- Date: Thu, 15 Nov 2007 15:25:50 +0100
Dear HylaFAX friends,
After upgrade to hylafax-4.3.4 on FreeBSD 6.2 I have found following
messages in /var/log/messages/
Nov 15 15:15:31 sun HylaFAX[93545]: PAM checking user "patrick" pass "(null)" from "192.168.1.61"
Nov 15 15:15:31 sun HylaFAX[93545]: PAM checking user "patrick" pass "test" from "192.168.1.61"
Password test is the __actual__ password of user patrick. I do not
think it is a good idea to disclosure passwords in /var/log/messages/
in general, unless explicitly asked for or set in a configuration file.
--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,
Willy
*************************************
W.K. Offermans
Home: +31 45 544 49 44
Mobile: +31 653 27 16 23
e-mail: Willy@xxxxxxxxxxxxxxxxxxx
Powered by ....
(__)
\\\'',)
\/ \ ^
.\._/_)
www.FreeBSD.org
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*
- Follow-Ups:
- Re: [hylafax-users] password disclosure
- From: Aidan Van Dyk
- Re: [hylafax-users] password disclosure
- Prev by Date: Re: [hylafax-users] distorted tif when viewed by eye-gnome
- Next by Date: Re: [hylafax-users] password disclosure
- Previous by thread: Re: [hylafax-users] Build on MacOSX 10.5 leopard fails
- Next by thread: Re: [hylafax-users] password disclosure
- Index(es):
Project hosted by iFAX Solutions