Problem with a password containing space char
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dbconfig-common (Debian) |
Confirmed
|
Unknown
|
|||
dbconfig-common (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Binary package hint: dbconfig-common
Description: Ubuntu 10.04 LTS
Release: 10.04
dbconfig-common version: 1.8.44ubuntu1
Process of instalation (for example) phpmyadmin:
* the installation script uses dbconfig-common
* the bug occurs, when choosing any pasword (for phpmyadmin), containing space character, for example aaaa bbbb
In such case:
* /etc/dbconfig-
dbc_dbpass='aaaa bbbb'
* but the password of the user phpmyadmin in the table mysql/user is truncated and set to 'aaaa'
As the result:
* after logging into phpmyadmin the error appears:
"Connection for controluser as defined in your configuration failed."
* the resulting truncated password which is actually set by dbconfig-common may be VERY WEAK (serious security hole)
I suppose it's bug of dbconfig-common and not a bug of phpmyadmin. (But maybe I'm wrong.)
Workaround:
* You must verify the password in the mysql database and correct it by hand with help of the mysql client.
* don't use passwords containing space character
The next problem:
When attempting to reconfigure the phpmyadmin interactively by means of
# dpkg-reconfigure -plow phpmyadmin
there is no subsequent question about phpmyadmin password. The original (corrupted) password remain unchanged even if the username was changed (for example, from 'phpmyadmin' to 'pma').
The file /etc/dbconfig-
Related branches
security vulnerability: | yes → no |
visibility: | private → public |
Changed in dbconfig-common (Debian): | |
status: | Unknown → New |
Changed in dbconfig-common (Debian): | |
status: | New → Confirmed |
Thanks for the bug report, ill take a look at this for maverick.