[Pkg-nagios-devel] Bug#288620: nagios-common: nagios CGI reveal potentially sensitive information
Martin Zobel-Helas
Martin Zobel-Helas <mhelas@helas.net>, 288620@bugs.debian.org
Tue, 4 Jan 2005 21:40:28 +0100
Hi Jerome, hi Nagios-Maintainers
On Tuesday, 04 Jan 2005, you wrote:
> Package: nagios-common
> Version: 2:1.3-0+pre6
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> not a root security problem, but anyway...
>
> by clicking on "Process Info" in the Nagios CGI, at
> the bottom of the page appears the complete connection string to
> the database (I use PostgreSQL, but the problem is certainely the
> same with MySQL).
I am using nagios-mysql 2:1.3-0+pre6 and i dont have this problem.
> the connection string includes the password, if one is set.
Greetings
Martin
--
"And, you know, I mustn't preach to you, but surely it wouldn't be right for
you to take away people's pleasure of studying your attire, by just going
and making yourself like everybody else. You feel that, don't you?" said
he, earnestly.
-- William Morris, "Notes from Nowhere"