Comment 12 for bug 1458052
Revision history for this message
| Seth Arnold (seth-arnold) wrote Re: Azure Datasource writes user password in plain text | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
We've decided this is a "security hardening" measure rather than a security issue, and thus won't apply for a CVE and won't attempt an embargoed coordination with other vendors: any process that has sufficient privileges to read this file and thus the password has every opportunity to perform dozens of other privileged operations that would expose or reset this password.
Ben said he'd follow through with the SRU process; this makes sense to us.
Thanks