[35864] in bugtraq
Re: CVS woes: .cvspass
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Jul 27 23:53:08 2004
Message-Id: <200407271819.i6RIJnEO005967@turing-police.cc.vt.edu>
To: Chiaki <ishikawa@yk.rim.or.jp>
Cc: bugtraq@securityfocus.com
In-Reply-To: Your message of "Tue, 27 Jul 2004 03:00:52 +0900."
<410546D4.6030103@yk.rim.or.jp>
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-1914559229P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 27 Jul 2004 14:19:49 -0400
--==_Exmh_-1914559229P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 Jul 2004 03:00:52 +0900, Chiaki <ishikawa@yk.rim.or.jp> said:
> Granted that many of these files under user home directories
> visible on the web
> must be the password to be used by anonymous server or
> publicly usable CVS server, but I doubt if ALL of them
> are the result of such benign neglect.
If a user's home directory is visible via a web browser, the .cvspass
is probably not the biggest problem....
--==_Exmh_-1914559229P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFBBpzFcC3lWbTT17ARAvHFAJ9dcDz3OG/g2Urk/+bIdT5AJAOtswCg0epY
laObpTWaF6jfGYt9IOJ+dS8=
=Cuex
-----END PGP SIGNATURE-----
--==_Exmh_-1914559229P--
