Bug 203914 - www/owncloud: DB password unhashed
Summary: www/owncloud: DB password unhashed
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Sunpoet Po-Chuan Hsieh
URL:
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2015-10-21 05:33 UTC by O. Hartmann
Modified: 2019-09-04 20:24 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (kevlo)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description O. Hartmann 2015-10-21 05:33:38 UTC
On a fresh installation of www/owncloud, I find the DB passowrd issued for connecting to the PostgreSQL server in clear text! On an older installation, there is a hashed version of the password.

This is considered a high security risk!
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2015-10-21 05:41:14 UTC
Is this something that needs to be reported, and (also) fixed upstream, or is it a configuration default that can be improved upon?
Comment 2 Rene Ladan freebsd_committer 2018-01-12 11:22:58 UTC
Maintainer reset.
Comment 3 Walter Schwarzenfeld freebsd_triage 2019-09-04 20:24:15 UTC
Maintainer feedback, please resp. is this still relevant?