[Pkg-nagios-devel] Bug#290319: nagios-mysql: Leaks cleartext password in /var/log/messages
Mikael Magnusson
Mikael Magnusson <mikma@users.sourceforge.net>, 290319@bugs.debian.org
Thu, 13 Jan 2005 16:24:29 +0100
Package: nagios-mysql
Version: 2:1.3-0+pre6
Severity: important
nagios-mysql leaks the database password in /var/log/messages if it can't
connect to the mysql server.
nagios: Error: Could not connect to MySQL database 'nagios' on host '' using username 'nagios' and password 'xxxxxxxxx'. Retention data will not be processed or saved!
The line above is logged in /var/log/messages and the password is in
cleartext. I think the password should be replaced with asterisks.
Regards,
Mikael Magnusson
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (800, 'testing'), (700, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.9-1-mulder
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages nagios-mysql depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgd2-xpm 2.0.33-1.1 GD Graphics Library version 2
ii libjpeg62 6b-9.hem.za.org-1 The Independent JPEG Group's JPEG
ii libmysqlclient10 3.23.56-2 LGPL-licensed client library for M
ii libpng12-0 1.2.8rel-1 PNG library - runtime
ii nagios-common 2:1.3-0+pre6 A host/service/network monitoring
ii zlib1g 1:1.2.2-3 compression library - runtime
-- debconf information:
nagios/warnmovedcommands:
nagios/warncoords:
* nagios/wwwsuid: true
nagios/newapachecfg:
nagios/upgradefromnetsaint:
* nagios/configapache: Apache
nagios/warnupgrade_5_6: