/etc/openfortivpn/config is world readable but might contain passwords
Bug #1908095 reported by
Alvin
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openfortivpn (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
The default permissions of /etc/openfortiv
Since this file, when used, will have a high chance of containing passwords, it wou be better to restrict access to root only.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: openfortivpn 1.12.0-1
ProcVersionSign
Uname: Linux 5.4.78-2-pve x86_64
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
Date: Mon Dec 14 17:51:59 2020
SourcePackage: openfortivpn
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
Revision history for this message
| Alvin (alvind) wrote | #1 |
| information type: | Private Security → Public |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
| Changed in openfortivpn (Ubuntu): | |
| status: | New → Confirmed |
| tags: | added: community-security |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with Debian and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/