Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: Yubiserver package ships with pre-filled identities
From: Nanakos Chrysostomos <nanakos () wired-net gr>
Date: Tue, 31 Jan 2012 08:32:42 +0200


On 31 Ιαν 2012, at 4:22, Kurt Seifried <kseifried () redhat com> wrote:

On 01/30/2012 03:14 PM, Nanakos Chrysostomos wrote:

Is this account documented/the impact documented?


What do you mean?

Is this issue clearly documented, e.g. do the docs say "WARNING: A
DEFAULT ACCOUNT IS ENABLED. THIS IS NOT SAFE. IT MUST BE REMOVED PRIOR
TO PRODUCTION USE" and so on.


No it's not. In the meantime I have fixed both upstream versions provided through my site and a new package version has been sponsored in Debian that eliminates the problem. Is anything else that has to be done?

Thanks?
Chris.


Steve: thoughts/comments?

--
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault