[Openvas-devel] CfV: CR #31 - Removing support for plaintext password storage

Michael Wiegand michael.wiegand at intevation.de
Wed Apr 29 15:54:17 CEST 2009


Hello,

while refactoring the OpenVAS user creation for the
openvas-config-manager module, I noticed that the openvas-adduser script
shipped with openvas-server will under certain conditions store the
password of the new user as plaintext.

You can read more details on this issue in the change request I've
prepared:
http://www.openvas.org/openvas-cr-31.html

Removing this "feature" as described in the CR will take very little
effort and will not break compatibility with existing installations.

Since I'd like to start working on this ASAP, I'd like to call for votes
regarding this CR. Please respond to this mail on openvas-devel and
indicate if you are in favor of this CR (+1), don't care (+-0) or are
against it (-1). Thank you!

Regards,

Michael

-- 
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany   |    AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090429/13ba5ffc/attachment.sig>


More information about the Openvas-devel mailing list