mythfilldatabase shows first 6 letters of password with wget command
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MythTV |
Unknown
|
Unknown
|
|||
mythtv (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: mythtv
I saw hard drive activity on my server and ran iotop. I was astonished to see my username and the first 6 letters of my password to my schedulesdirect.org account in the wget command mythfilldatabase was executing. Other people use this server and they could easily see this.
wget --http-
Thank You For Your TIme
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: mythtv-backend 0.23.1+
ProcVersionSign
Uname: Linux 2.6.35-22-generic x86_64
Architecture: amd64
Date: Tue Nov 9 00:07:33 2010
Installed_
Installed_
MythTVDirectory
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: mythtv
Changed in mythtv: | |
status: | Unknown → Confirmed |
Changed in mythtv: | |
status: | Confirmed → Unknown |
I also noticed that wget was connecting to a non-ssl link
http:// webservices. schedulesdirect .tmsdatadirect. com/schedulesdi rect/tvlistings /xtvdService
so I imagine this info is also being transmitted insecurely over the internet.
Thank You For Your Time