Comment 35 for bug 1492140
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: consoleauth token displayed in log file | #35 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Thanks for the update, and I agree it sounds like there's not yet a good argument for an advisory. Maybe we need to include a warning somewhere (install docs? security guide?) that short-lived console access credentials can be leaked in hypervisor host logs, and to take appropriate precautions when granting access to those logs.
As for the websockify leak, is there a corresponding bug opened upstream with its maintainers?