[Bug 752464] New: save_y2logs can leak wireless passwords via LanItems.ycp
https://bugzilla.novell.com/show_bug.cgi?id=752464 https://bugzilla.novell.com/show_bug.cgi?id=752464#c0 Summary: save_y2logs can leak wireless passwords via LanItems.ycp Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: aspiers@suse.com QAContact: jsrain@suse.com Found By: Development Blocker: --- I ran save_y2logs for bug 752235 and was about to attach the .tar.gz to the bug when I had a 'spidersense' moment and decided to check that the .tar.gz didn't contain any passwords. It was lucky I checked, because I found my innerweb password in y2log: YaST2/y2log:2012-03-15 10:20:24 <5> indian(11489) [YCP] LanItems.ycp:1191 $["BOOTPROTO":"dhcp", "BROADCAST":"", "ETHTOOL_OPTIONS":"", "IFPLUGD_PRIORITY":"0", "IPADDR":"", "MTU":"", "NAME":"WiFi Link 6000 Series", "NETWORK":"", "PREFIXLEN":"32", "REMOTE_IPADDR":"", "STARTMODE":"ifplugd", "USERCONTROL":"no", "WIRELESS_AP":"", "WIRELESS_AP_SCANMODE":"1", "WIRELESS_AUTH_MODE":"eap", "WIRELESS_BITRATE":"auto", "WIRELESS_CA_CERT":"", "WIRELESS_CHANNEL":"", "WIRELESS_CLIENT_CERT":"", "WIRELESS_CLIENT_KEY":"", "WIRELESS_CLIENT_KEY_PASSWORD":"", "WIRELESS_DEFAULT_KEY":"0", "WIRELESS_EAP_AUTH":"PEAP", "WIRELESS_EAP_MODE":"PEAP", "WIRELESS_ESSID":"Novell", "WIRELESS_FREQUENCY":"", "WIRELESS_KEY":"", "WIRELESS_KEY_0":"", "WIRELESS_KEY_1":"", "WIRELESS_KEY_2":"", "WIRELESS_KEY_3":"", "WIRELESS_KEY_LENGTH":"128", "WIRELESS_MODE":"Managed", "WIRELESS_NICK":"", "WIRELESS_NWID":"", "WIRELESS_PEAP_VERSION":"", "WIRELESS_POWER":"no", "WIRELESS_WPA_ANONID":"", "WIRELESS_WPA_IDENTITY":"aspiers", "WIRELESS_WPA_PASSWORD":"[censored :-)]", "WIRELESS_WPA_PSK":"", "_aliases":$[]] It looks like WIRELESS_CLIENT_KEY_PASSWORD would have been leaked too. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c1
Martin Vidner
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c2
--- Comment #2 from Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c4
--- Comment #4 from Michal Filka
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c7
--- Comment #7 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c10
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c11
--- Comment #11 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c12
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c13
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=752464
https://bugzilla.novell.com/show_bug.cgi?id=752464#c
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com