[Bug 1201962] New: Bootloader password leaked into_YaST logs
https://bugzilla.suse.com/show_bug.cgi?id=1201962 Bug ID: 1201962 Summary: Bootloader password leaked into_YaST logs Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers@suse.de Reporter: ancor@suse.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- In yast2-bootloader (even during system installation) if the option "Protect Boot Loader with Password" is used, YaST executes the command grub2-mkpasswd-pbkdf2 to generate the hashed password. Doing so, it leaks the typed password to the YaST logs. https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/grub2... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1201962
David Diaz
https://bugzilla.suse.com/show_bug.cgi?id=1201962
https://bugzilla.suse.com/show_bug.cgi?id=1201962#c8
--- Comment #8 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1201962
https://bugzilla.suse.com/show_bug.cgi?id=1201962#c9
--- Comment #9 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1201962
https://bugzilla.suse.com/show_bug.cgi?id=1201962#c10
--- Comment #10 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1201962
https://bugzilla.suse.com/show_bug.cgi?id=1201962#c11
--- Comment #11 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1201962
https://bugzilla.suse.com/show_bug.cgi?id=1201962#c12
Johannes Segitz
participants (1)
-
bugzilla_noreply@suse.com