info-cvs

Re: Cleartext password in login-failure message


From: Ross Patterson
Subject: Re: Cleartext password in login-failure message
Date: Tue, 11 Nov 2003 14:14:04 -0500
User-agent: KMail/1.4.3

On Tuesday 11 November 2003 12:22 pm, Larry Jones wrote:
> It includes the *crypted* versions of the entered password and the
> correct password, not the plain text.  

Yeah, that should have been obvious, but having read the older source I guess 
I just missed it.

> And it carefully avoids logging the plain text of the entered
> password because the failure might well be the result of a simple,
> easily guessed typo.

Right, that's what drew my attention in the first place.  Red Hat Linux comes 
with CVS 1.11.2, and at that level the cleartext bad password is indeed 
logged ("syslog (LOG_AUTHPRIV | LOG_NOTICE, "login failure by %s / %s (for 
%s)", username, descrambled_password, repository);").

> That's the whole point of LOG_AUTHPRIV -- to have a place to log
> sensitive information that shouldn't be public, but can be very
> important for debugging.  I don't know of any system that provides the
> facility that doesn't also have it set up securely in the default
> syslogd configuration.
>
> I think you're overreacting; the logged information isn't that sensitive.

Cleartext passwords, even the wrong ones, are too sensitive to log.  Not even 
root should be able to get that kind of information.  But since this has 
already been fixed at a more-recent release, CVS is in good shape.
-- 
Ross A. Patterson
Chief Technology Officer
CatchFIRE Systems, Inc.
5885 Trinity Parkway, Suite 220
Centreville, VA  20120
(703) 563-4164
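
An added example, not part of the original post and not CVS code: a scrubber for archived syslog files that still hold the CVS 1.11.2 message quoted above, masking the password field and listing the accounts whose near-miss passwords were exposed. The sample lines, the syslog prefix, and the names `redact_line` and `scrub` are constructed for illustration.

```python
import re

# Shape of the CVS 1.11.2 message quoted in the post:
#   "login failure by %s / %s (for %s)"  ->  username / password (for repository)
# The password is free text and may itself contain " / " or " (for ", so the
# user ends at the FIRST " / " and the repository starts at the LAST " (for ".
FAILURE = re.compile(
    r"(?P<head>.*?login failure by )(?P<user>.*?) / (?P<pw>.*)"
    r" \(for (?P<repo>[^()]*)\)\s*$"
)

def redact_line(line):
    """Return (line with the password masked, username or None)."""
    line = line.rstrip("\n")
    m = FAILURE.match(line)
    if m is None:
        return line, None          # not a CVS login-failure line: keep as is
    masked = f"{m['head']}{m['user']} / [REDACTED] (for {m['repo']})"
    return masked, m["user"]

def scrub(lines):
    """Mask every matching line; return (clean lines, affected users in order)."""
    clean, users = [], []
    for line in lines:
        masked, user = redact_line(line)
        clean.append(masked)
        if user is not None and user not in users:
            users.append(user)     # a typo of the real password may be in the log
    return clean, users

# Constructed sample input (not real log data).
SAMPLE = [
    "Nov 11 12:01:07 host1 cvs[4211]: login failure by alice / hunter3 (for /var/cvs)",
    "Nov 11 12:03:19 host1 sshd[4300]: Accepted password for bob from 192.0.2.10",
    "Nov 11 12:05:42 host1 cvs[4390]: login failure by carol / a / b (for x) (for /var/cvs)",
]

if __name__ == "__main__":
    clean, users = scrub(SAMPLE)
    print("\n".join(clean))
    print("accounts to review:", ", ".join(users))
```

Any line of this shape is masked, whatever the second field holds, so running it over logs from a later CVS release is harmless.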
