OCS Inventory 2.0 not used dbconfig - Security issue by default
Bug #954283 reported by
FR. Loïc
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OCS Inventory: Server |
Invalid
|
Undecided
|
Unassigned | ||
Debian |
New
|
Undecided
|
Unassigned | ||
Ubuntu |
Opinion
|
Undecided
|
Unassigned |
Bug Description
Hello and thank you for your work,
Since version 2 of ocsinventory no longer uses dbconfig-common to create database with a chosen password.
A security message is displayed, the handling to make:
http://
But if dbconfig is used again only the password for the admin account should be changed.
Debian and Ubuntu requires a minimum of security by default and it is not the case with this version of ocsinventory.
If the database is created with dbconfig, one can use the command dpkg --purge to remove database and the package which is no longer the case at present.
Best regards,
Changed in ubuntu: | |
status: | New → Invalid |
Changed in ubuntu: | |
status: | Invalid → Opinion |
security vulnerability: | no → yes |
To post a comment you must log in.
hello
this is a packaging problem.
best regards