Yubico Forum https://forum.yubico.com/ |
[BUG] Yubiradius 3.6.0 logs all passwords in plaintext https://forum.yubico.com/viewtopic.php?f=29&t=946 |
Author: | ronsdavis [ Wed Feb 06, 2013 8:16 pm ] |
Post subject: | [BUG] Yubiradius 3.6.0 logs all passwords in plaintext |
The current release of YubiRadius logs all requests to /var/log/syslog and /var/log/debug.

The log entries appear as follows:

    syslog:Feb 5 19:37:28 yubiradius3 ykropval[2955]: LOG_DEBUG:ykropval-verify:[127.0.0.1] Request: user=rdavis&password=DOGBREATH&otp=vvxxxxxxdieflrccltlhxxxxjdrfbxxxxgcnnljbdvrl

In order to change this, edit /usr/share/ykropval/ykropval-verify.php. Line 19 reads:

    $myLog->log(LOG_DEBUG, "Request: " . $_SERVER['QUERY_STRING']);

Either comment out the line, or remove . $_SERVER['QUERY_STRING'] |
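An alternative to removing the log call altogether is to keep the debug line but mask the secret-bearing parameters before they reach syslog. The following is an added example, not part of the original post and not Yubico's code: `redact_query_string()` is a hypothetical helper, the field names `password` and `otp` are taken from the log line above, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not Yubico's code). redact_query_string() is a hypothetical
// helper; the parameter names "password" and "otp" come from the logged request.

function redact_query_string(string $query, array $secretKeys = ['password', 'otp']): string
{
    $safe = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue;
        }
        // Split on the first "=" only, so values containing "=" stay intact.
        [$rawName, $rawValue] = array_pad(explode('=', $pair, 2), 2, null);

        // Match on the decoded, lower-cased name without any "[...]" suffix,
        // so "Password", "pass%77ord" and "password[]" are all caught.
        $name = strtolower(urldecode($rawName));
        $name = preg_replace('/\[.*$/s', '', $name);

        if (in_array($name, $secretKeys, true)) {
            $rawValue = '[REDACTED]';
        }
        // Every pair is kept, so a repeated "password=" parameter is masked too.
        $safe[] = $rawValue === null ? $rawName : $rawName . '=' . $rawValue;
    }
    // Drop control characters so a crafted request cannot forge extra log lines.
    return preg_replace('/[\x00-\x1F\x7F]/', '', implode('&', $safe));
}

// Constructed sample input, modelled on the request shown in the post.
$sample = 'user=rdavis&password=DOGBREATH&otp=vvxxxxxxdieflrccltlhxxxxjdrfbxxxxgcnnljbdvrl';
echo redact_query_string($sample), PHP_EOL;

// Line 19 of ykropval-verify.php would then become:
// $myLog->log(LOG_DEBUG, "Request: " . redact_query_string($_SERVER['QUERY_STRING']));
```

Entries already written to /var/log/syslog and /var/log/debug, including rotated or forwarded copies, still contain the passwords and are not affected by changing the log call.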
Author: | Tom [ Thu Feb 07, 2013 3:13 pm ] |
Post subject: | Re: [BUG] Yubiradius 3.6.0 logs all passwords in plaintext |
Hello again, This will be fixed in version 3.6.1 which will be released soon. Thank you for your post. |
All times are UTC + 1 hour |