Major bug! Every user can see your smb password in clear tex
On Sunday 29 April 2012 22:17:10 Morten Andersen wrote:
If you configure a global backup user/operator for smb in config.pl you will
see this password in clear text if you select view source on the Edit
Config->Xfer page.
Note 1: Windows security isn't that tight. (Altough it got a bit better with
the AD.)
Note 2: If you don't want the password in the config (that can only be seen by
an authorized user and should only run on apache with ssh or inside a trusted
environment), you might want to read the man-pages of smbclient, specially the
parts about storing the passwords in secure files with tight ownership.
Have fun,
Arnold
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
List:
https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:
http://backuppc.wiki.sourceforge.net
Project:
http://backuppc.sourceforge.net/
