Bug 41105 – Joinskript-Passwort in Prozessliste sichtbar

Bug 41105 - Joinskript-Passwort in Prozessliste sichtbar


Summary:	Joinskript-Passwort in Prozessliste sichtbar

Status:	RESOLVED DUPLICATE of bug 46842

Product:	UCS
Classification:	Unclassified
Component:	Join (univention-join)
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:

URL:
Keywords:

Depends on:	20611
Blocks:
	Show dependency tree / graph

Reported:	2016-04-25 09:12 CEST by Jan Christoph Ebersbach
Modified:	2019-02-18 17:00 CET (History)
CC List:	8 users (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Christoph Ebersbach

2016-04-25 09:12:34 CEST

This is a security relevant issue that allows all users and processes to see the Administrator's password during system join and every other call of join scripts.

+++ This bug was initially created as a clone of Bug #20611 +++

Derzeit ist das an Joinskripte übergebene Passwort in der Prozessliste sichtbar.

Hier sollte (ggf. in Verbindung mit Bug 20610) geprüft werden, wie dies verhindert werden kann.

Comment 1 Florian Best

2017-06-28 14:52:39 CEST

There is a Customer ID set so I set the flag "Enterprise Customer affected".

Comment 2 Stefan Gohmann

2019-01-03 07:22:16 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.

Comment 3 Florian Best

2019-02-18 17:00:03 CET


*** This bug has been marked as a duplicate of bug 46842 ***