Originally Published: Tuesday, 7 September 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

xscreensaver potentially gives away crypted root password

In a post to the LSAP mailing lists, Olaf Kirch indicated that after a brief audit of xscreensaver, he'd noticed the software made a copy of the encrypted root password. Should the software crash early, the crypted password could be presented, leading to a potential brute force attack.