[Bug 1197018] [NEW] bacula-dir.conf does not use random password
Jacek Nykis
1197018 at bugs.launchpad.net
Tue Jul 2 15:43:13 UTC 2013
*** This bug is a security vulnerability ***
Private security bug reported:
During installation bacula creates /etc/bacula/common_default_passwords and uses these passwords in the /etc/bacula/bacula-{sd,fd,dir}.conf files.
However, DIRPASSWD from common_default_passwords does not match the one in bacula-dir.conf; instead a hardcoded value is used.
I installed bacula on 2 different systems and in both cases the passwords in common_default_passwords were random and unique, but the bacula-dir.conf "Director" password was the same on both systems.
Ubuntu 12.04.2 LTS
bacula:
Installed: 5.2.5-0ubuntu6.2
Candidate: 5.2.5-0ubuntu6.2
Version table:
*** 5.2.5-0ubuntu6.2 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
100 /var/lib/dpkg/status
5.2.5-0ubuntu6 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
** Affects: bacula (Ubuntu)
Importance: Undecided
Status: New
** Tags: precise
** Information type changed from Public to Private Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in Ubuntu.
https://bugs.launchpad.net/bugs/1197018
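
The mismatch described in the report can be checked for on an installed system. The script below is an added example, not part of the original report or of the bacula package; it assumes common_default_passwords holds shell-style NAME=value lines and that bacula-dir.conf sets the password as a Password = "..." line inside its Director { } resource.

```shell
# Added example. Assumed formats: NAME=value lines in common_default_passwords
# and a Director { ... Password = "..." } resource in bacula-dir.conf.

# Print the DIRPASSWD value from a NAME=value file.
get_dirpasswd() {
    sed -n 's/^[[:space:]]*DIRPASSWD=//p' "$1" | tr -d "\"'" | head -n 1
}

# Print the Password inside the Director { } resource only; Client, Storage
# and Console resources have their own Password lines.
get_director_password() {
    awk '
        /^[ \t]*Director[ \t]*[{]/ { in_dir = 1 }
        in_dir && /^[ \t]*Password[ \t]*=/ {
            line = $0
            sub(/^[^=]*=[ \t]*/, "", line)          # drop the key and "="
            if (line ~ /^"/) { sub(/^"/, "", line); sub(/".*$/, "", line) }
            else { sub(/[ \t]*(#.*)?$/, "", line) } # unquoted: drop comment
            print line
            exit
        }
        in_dir && /[}]/ { in_dir = 0 }
    ' "$1"
}

# Return 0 on match, 1 on mismatch, 2 if unreadable. Never prints a secret.
check_director_password() {
    expected=$(get_dirpasswd "$1")
    actual=$(get_director_password "$2")
    [ -n "$expected" ] && [ -n "$actual" ] || { echo "ERROR: value not found" >&2; return 2; }
    if [ "$expected" = "$actual" ]; then
        echo "OK: Director password matches DIRPASSWD"
        return 0
    fi
    echo "MISMATCH: Director password in $2 is not the generated DIRPASSWD"
    return 1
}

# With two arguments, check real files; otherwise run on constructed samples.
if [ "$#" -eq 2 ]; then
    check_director_password "$1" "$2"
else
    d=$(mktemp -d)   # constructed sample files, not real configuration
    printf 'DIRPASSWD=Rand0mA\n' > "$d/pw"
    printf 'Director {\n  Password = "fixed"  # Console password\n}\n' > "$d/dir.conf"
    check_director_password "$d/pw" "$d/dir.conf" || true
    rm -rf "$d"
fi
```

Run it with /etc/bacula/common_default_passwords and /etc/bacula/bacula-dir.conf as the two arguments; exit status 1 corresponds to the condition this report describes.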