|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Tuesday, 7 September 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Printable]|
xscreensaver potentially gives away crypted root password
In a post to the LSAP mailing lists, Olaf Kirch indicated that after a brief audit of xscreensaver, he'd noticed the software made a copy of the encrypted root password. Should the software crash early, the crypted password could be presented, leading to a potential brute force attack.