Administrator password stored in the clear?

Kip_Ingram · January 8, 2007, 1:57pm

Hi. After I installed Wildfire I found that my specified admin password showed up in two files in the embedded-db directory. The password was stored in the clear, and furthermore the files were readable by anyone.

Is this normal? I changed the attributes on these files to root-only; will this cause a problem? The files are wildfire.log and wildfire.script.

This seems like a severe issue that should be fixed at the source; not everyone will notice and fix it after the fact.

LG1 · January 8, 2007, 2:15pm

Hi,

which user are you using while running Wildfire? The user must have access to read and write embedded-db/*.

@Is this normal? Yes, sad to say. I did post the rights issue in the wiki some month ago and now I did update JM-872 to get this fixed for Wildfire 3.2.0.

One may track the progress of the plain text “admin” account problem in this new issue JM-930.

LG