oss-sec mailing list archives

Re: Clear text password in process list when using MySQL GUI tools


From: Josh Bressers <bressers () redhat com>
Date: Wed, 17 Nov 2010 08:38:06 -0500 (EST)

Steve,

What are the thoughts of MITRE on this one? This affects all sorts of stuff,
and I don't see upstream removing the command line option (which is probably the
only fix).

Thanks.

-- 
    JB


----- "Martin Drescher" <drescher () snafu de> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi ML.

If you use some MySQL GUI tool in most (any?) Linux distributions, like
mysql-admin or mysql-query-browser, and then open 'Tools -> MySQL Text
Console', your password, user name and host will become exposed in the
process list.

I think this issue must have existed for a long time in many distributions
now, but nobody ever cared about it.

For Debian users:
Packages mysql-query-browser, mysql-admin are affected.


So far, Martin

 GnuPG Key Fingerprint, KeyID '4FBE451A':
 '2237 1E95 8E50 E825 9FE8  AEE1 6FF4 1E34 4FBE 451A'


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkzir8gACgkQb/QeNE++RRqfIQCfaLDToS6pAfuj4/XgkYSKnBh0
nu8An3JJAp2nZWcOODOXX2KGs07ouATd
=/nj6
-----END PGP SIGNATURE-----
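
Added example, not part of either message above: a small audit script that walks `/proc` on a Linux host and reports MySQL client processes whose argument list carries an inline password, printing the arguments with the secret redacted. It assumes the GUI console starts the stock `mysql` client with `-u`, `-h` and `-p<password>` style options; the sample argument list and its values are constructed.

```python
import os
import re

# Inline-password spellings of the stock MySQL clients: -pSECRET, --password=SECRET.
# A bare -p or --password makes the client prompt instead and is not flagged.
INLINE_PW = re.compile(r"^(-p|--password=)(.+)$")
CLIENTS = {"mysql", "mysqladmin", "mysqldump"}

# Constructed sample: how a console might be launched (assumption, not from the page).
SAMPLE_ARGV = ["/usr/bin/mysql", "-uappuser", "-hdb.example.internal", "-pS3cret!"]


def find_exposed_password(argv):
    """Return argv with the password redacted if it exposes one, else None."""
    if not argv or os.path.basename(argv[0]) not in CLIENTS:
        return None
    redacted, hit = [], False
    for arg in argv:
        m = INLINE_PW.match(arg)
        if m:
            hit = True
            arg = m.group(1) + "<redacted>"
        redacted.append(arg)
    return redacted if hit else None


def read_argv(pid):
    """Read the NUL-separated argument vector any local user can see for a PID."""
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as fh:
            raw = fh.read()
    except OSError:  # process exited, or /proc is restricted
        return []
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


def scan_proc(proc_root="/proc"):
    """Return (pid, redacted_argv) for every process exposing a MySQL password."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        found = find_exposed_password(read_argv(pid))
        if found:
            findings.append((int(pid), found))
    return findings


if __name__ == "__main__":
    print("sample:", find_exposed_password(SAMPLE_ARGV))
    if os.path.isdir("/proc"):
        for pid, argv in scan_proc():
            print(pid, " ".join(argv))
```

The MySQL command-line clients can instead prompt for the password (bare `-p`) or read it from a `[client]` section of an option file such as `~/.my.cnf` with restrictive permissions, which keeps it out of the argument list.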

