[Openvas-devel] CfV: CR #31 - Removing support for plaintext password storage
michael.wiegand at intevation.de
Thu Apr 30 10:28:01 CEST 2009
* Jan-Oliver Wagner [30. Apr 2009]:
> we might even consider writing a announcement that people
> should search for "password" files in ....users/ directory for
> both, OpenVAS and Nessus.
I would be pretty easy for me to provide a script for conversion as
well; since we "know" the plaintext password, we can use it to build the
corresponding auth/hash file and (re)move the auth/password file. Users
will still be able to use the same password and will not notice any
As I said in the CR, we will need a script like this sooner or later to
convert existing installation once we switch off support in openvasd; we
might as well write one now.
I suspect the exact location of the user directory has changed over
time, so I'm not sure if this will work with all older Nessus or OpenVAS
versions. But if we provide a script and the server administrator knows
the location of the user directory, the adjustment should be pretty
straightforward and not beyond the capabilities of most administrators.
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-devel/attachments/20090430/2fbc7086/attachment-0001.pgp
More information about the Openvas-devel