Message Image

Skip main navigation (Press Enter).

File Share Encryption

View Only

Back to discussions

Expand all | Collapse all

PGP Userver Admin Password in Clear Text

Migration UserMay 24, 2012 12:18 PM

If you have debug turned on for your PGP Universal Server, the admin password is logged in clear text ...

Migration UserMay 29, 2012 09:42 AM

Well, Debug mode shows all kind of interactions, from internal sql commands, to raw lines, verbose information, ...

1. PGP Userver Admin Password in Clear Text

0 Recommend
Migration User
Posted May 24, 2012 12:18 PM

Reply Reply Privately
If you have debug turned on for your PGP Universal Server, the admin password is logged in clear text in your logs. It reminds of the recent problem Apple had with FileValut on OS X. Not a good feature!!
2. RE: PGP Userver Admin Password in Clear Text

0 Recommend
Migration User
Posted May 29, 2012 09:42 AM

Reply Reply Privately
Well, Debug mode shows all kind of interactions, from internal sql commands, to raw lines, verbose information, etc.

So when admin´s pass (md5 password) is read from database and decrypted to clear text....this processes is fully logged as well ....since thats debug mode for.

That´s why I don´t think this is bug; this is by design.

Moreover; anyone who can read the logs and the password (through web or ssh) , is administrator of the server.

Copyright 2019. All rights reserved.

Powered by Higher Logic