Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 5 Mar 2009 10:15:50 -0500
From: "Michael K. Johnson" <johnsonm@...th.com>
To: oss-security@...ts.openwall.com
Subject: Re: lxc-sshd security issues?

On Wed, Mar 04, 2009 at 05:30:33PM -0500, Michael K. Johnson wrote:
> I have not received any response to this query upstream, and I
> was wondering if anyone else has noticed this issue, and if so,
> if they have any plans with regard to it.  rPath isn't shipping
> lxc at this point, so we have no plans for a security advisory.
> But does pre-configured account information including root and
> user passwords bother anyone else here?

I finally got the right contact info upstream, and we're talking
about this, so expect it to not be a problem in future releases.
For the record, it's dummy auth data, but still could be seen as a
backdoor, and will probably be changed to user-configured value.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux