domain user name and password visable to all

Bug #461398 reported by faceless on 2009-10-26
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt-setup (Ubuntu)
Medium
Canonical Foundations Team

Bug Description

Binary package hint: aptitude

in /etc/apt/apt.conf

the domain user name and password are plainly visible.

Acquire::http::Proxy "http://myusernamer:mypassword@myproxy server:3128/";

this was created during the kubuntu install and was not made clear that this would be in clear text, also the instructions were vague enough that i did not use the proxy server name just the domain name. consequently aptitude would not update and that is how i found the above problem

This was in Karmic freeze downloaded 10/23/09

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. Can you please give the output of this command:
$ ls -l /etc/apt/apt.conf

affects: aptitude (Ubuntu) → apt (Ubuntu)
Changed in apt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Incomplete

I have enclosed the output in the attached file, could not get it to cut and paste from term.

Thx

zack geelhoed

> Date: Fri, 30 Oct 2009 16:28:31 +0000
> From: <email address hidden>
> To: <email address hidden>
> Subject: [Bug 461398] Re: domain user name and password visable to all
>
> Thank you for using Ubuntu and taking the time to report a bug. Can you please give the output of this command:
> $ ls -l /etc/apt/apt.conf
>
> ** Package changed: aptitude (Ubuntu) => apt (Ubuntu)
>
> ** Changed in: apt (Ubuntu)
> Status: New => Incomplete
>
> ** Changed in: apt (Ubuntu)
> Assignee: (unassigned) => Jamie Strandboge (jdstrand)
>
> --
> domain user name and password visable to all
> https://bugs.launchpad.net/bugs/461398
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “apt” package in Ubuntu: Incomplete
>
> Bug description:
> Binary package hint: aptitude
>
> in /etc/apt/apt.conf
>
> the domain user name and password are plainly visible.
>
>
> Acquire::http::Proxy "http://myusernamer:mypassword@myproxy server:3128/";
>
> this was created during the kubuntu install and was not made clear that this would be in clear text, also the instructions were vague enough that i did not use the proxy server name just the domain name. consequently aptitude would not update and that is how i found the above problem
>
> This was in Karmic freeze downloaded 10/23/09
>

_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141665/direct/01/

visibility: private → public
affects: apt (Ubuntu) → ubiquity (Ubuntu)
Changed in ubiquity (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Incomplete → Confirmed
Changed in ubiquity (Ubuntu):
importance: Undecided → Medium
Changed in ubiquity (Ubuntu):
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Colin Watson (cjwatson) on 2011-06-14
affects: ubiquity (Ubuntu) → apt-setup (Ubuntu)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Bug attachments