[cvsnt] 2.5.01.1998: User password in CLEAR(public) form in"secure" log on Linux

David Somers dsomers at trevezel.com
Wed Jun 22 11:21:52 BST 2005


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


> From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org]On Behalf
> Of Andrew Gaganov

[snip]
> Today, I discovered that cvsnt writes users passwords to linux secure log,
> if login fails.
> For example (password filled '*'):
> --------------
> Jun 22 12:39:39 cvs cvsnt: login failure by vbaranov / ******* (for
> /home/cvs/root)
> Jun 22 12:43:35 cvs cvsnt: login failure by vbaranov / **** (for
> /home/cvs/root)
> --------------

That's strange... in my syslog it just says something like:
Jun 22 12:16:27 caslon cvs[16938]: login failure (for /omz13)

So there's no sign of even the username, let alone the password... maybe
because I'm using PAM.

Greetings from Luxembourg,

David




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook