[30231] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Demarc Puresecure v1.6 - Plaintext password issue -

daemon@ATHENA.MIT.EDU (David Barroso)
Fri May 23 15:29:26 2003

Date: Thu, 22 May 2003 12:06:33 +0200
From: David Barroso <dbarroso@s21sec.com>
To: "Ryan Purita" <ryan@totally-connected.com>
Message-Id: <20030522120633.11047358.dbarroso@s21sec.com>
In-Reply-To: <29BF1A5D7C62684F8F68D605B70F50770106F8@clubmed.totally-connected.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Wed, 21 May 2003 12:17:57 -0700
"Ryan Purita" <ryan@totally-connected.com> wrote:

The file psd.conf should be owned by root and its mode 600. Only if a person gets root access in that box, she could read the password. Lots of applications relay on that, for instance, snort, which is used by Demarc PureSecure, stores the SQL password in plain text in snort.conf.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30231] in bugtraq

Re: Demarc Puresecure v1.6 - Plaintext password issue -

daemon@ATHENA.MIT.EDU (David Barroso)Fri May 23 15:29:26 2003

daemon@ATHENA.MIT.EDU (David Barroso)
Fri May 23 15:29:26 2003