| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0000061 | SKGB-intern | neues-kennwort | public | 2006-03-04 18:57 | 2006-03-06 00:27 | ||||
| Reporter | aj | ||||||||
| Assigned To | aj | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||
| Status | resolved | Resolution | fixed | ||||||
| Projection | minor fix | ETA | none | ||||||
| Platform | Apple PowerBook G4 | OS | Mac OS X | OS Version | 10.4.3 | ||||
| Product Version | 1.0.1 | Product Build | |||||||
| Target Version | Fixed in Version | 1.1 | |||||||
| Summary | 0000061: pwtickets always contains user/password combo in clear | ||||||||
| Description | The user/password combination is spawned immediately after requesting the ticket and stored in the pwtickets file. If the ticket is never claimed, the user/password combo could be abused by an attacker with access to the pwticket. The user/password combo should only be added to the file after the user received it to minimize the risk period. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files |
| ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
| Notes |
|
| There are no notes attached to this issue. |
| Notes |