The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Security Update: [CSSA-2002-024.0] Volution Manager: Directory Administrator password in cleartext


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Mon, 3 Jun 2002 13:58:59 -0700
From: [email protected]
To: [email protected], [email protected],
Subject: Security Update: [CSSA-2002-024.0] Volution Manager: Directory Administrator password in cleartext

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

To: [email protected] [email protected] [email protected]


______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Volution Manager: Directory Administrator password in cleartext
Advisory number: 	CSSA-2002-024.0
Issue date: 		2002 June 3
Cross reference:
______________________________________________________________________________


1. Problem Description

	Volution Manager stores the unencrypted Directory
	Administrator's password in the /etc/ldap/slapd.conf file.

	This vulnerability will be corrected in the next release of
	Volution Manager.


2. Vulnerable Supported Versions


	System				Package
	----------------------------------------------------------------------
	Volution Manager 1.1		Standard


3. Solution

	Volution Manager stores the un-encrypted Directory
	Administrator's password in the /etc/ldap/slapd.conf file.
	The password line looks similar to this:

		rootpw		<clear_text_password>

	Caldera strongly recommends that you encrypt this password,
	using the following steps:

	As the root user, run slappasswd, entering your desired
	password at the prompts (the example uses newpasswd as the new
	password; the password will not be seen as you type it).

	# slappasswd
	New password: newpasswd
	Re-enter new password: newpasswd
	{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
	#

	The output is the new, encrypted password. In the file
	/etc/ldap/slapd.conf, replace the previous rootpw line with a
	line containing the new, encrypted password so that the line
	looks similar to this:

		rootpw		{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz


4. References

	Specific references for this advisory:
		none

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security advisory closes Caldera incidents sr864231,
	erg501574.



5. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.

______________________________________________________________________________

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjz72JMACgkQbluZssSXDTFGYQCfX0cnLbZoZjuVYlv/oMgkdRWd
ZyQAniNtDNeeCoU8zZfWkbsC03tx5Bp1
=Hb6I
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру