BIND 10 #2716: password in ~/.bind10/default_user.csv is cleartext
BIND 10 Development
do-not-reply at isc.org
Tue Feb 12 11:08:44 UTC 2013
#2716: password in ~/.bind10/default_user.csv is cleartext
-------------------------------------+-------------------------------------
Reporter: cas | Type:
Status: new | defect
Milestone: New Tasks | Priority:
Keywords: | medium
Sensitive: 0 | Component:
Sub-Project: DNS | Unclassified
Estimated Difficulty: 0 | CVSS Scoring:
Total Hours: 0 | Defect Severity: N/A
| Feature Depending on Ticket:
| Add Hours to Ticket: 0
| Internal?: 0
-------------------------------------+-------------------------------------
the password for bindctl is stored in clear text. Although the file is
proteced by user permissions, it might end up where un-authoritized
persons can read it (in a backup, disk removed from server etc).
if possible the password should be stored as a salted hash
--
Ticket URL: <http://bind10.isc.org/ticket/2716>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list