Closed Bug 200005 Opened 21 years ago Closed 21 years ago

pk12util displays the user's password in plain text, twice

Categories

(NSS :: Tools, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

Details

Attachments

(1 file)

Observe the following output from a run of the pk12util utility, reported in
the n.p.m.crypto newsgroup:

> >>pk12util -i "my.p12" -d "my directory" -v
> >
> > Enter Password or Pin for "NSS Certificate DB": *****
> > Enter password for PKCS12 file: *****
> > Converted from:
> > 73 77 61 6d 70 66 6f 78 31 31  0
> > Converted to:
> >  0 73  0 77  0 61  0 6d  0 70  0 66  0 6f  0 78  0 31  0 31  0  0 

Those last 4 lines show the user's password twice, once in UTF-8 and 
a second time in UCS-2.  This serves no useful purpose, and is a security
flaw.  The code that prints those 4 lines of output should be removed.
Taking bug
Assignee: wtc → nelsonb
Priority: -- → P1
Target Milestone: --- → 3.9
Status: NEW → ASSIGNED
fixed in rev 1.26 of pk12util.c for NSS 3.9
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
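
Verbose output captured from an affected build, such as the newsgroup post quoted in this bug, still carries both dumps. The following is an added example, not part of the bug report or of NSS: it redacts the "Converted from:" / "Converted to:" byte dumps from saved text and checks that the two dumps encode the same secret. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample of verbose output from an affected pk12util build, quoted
# once as it would appear in a mail archive. Dumped bytes spell "example1".
SAMPLE = """\
> Enter password for PKCS12 file: *****
> Converted from:
> 65 78 61 6d 70 6c 65 31  0
> Converted to:
>  0 65  0 78  0 61  0 6d  0 70  0 6c  0 65  0 31  0  0
> (remaining tool output)
"""

MARKERS = ("Converted from:", "Converted to:")
QUOTE = re.compile(r"(?:>\s?)*")  # optional mail/news quote prefix
HEX_LINE = re.compile(r"[0-9a-fA-F]{1,2}(?:\s+[0-9a-fA-F]{1,2})*")
REDACTED = "[REDACTED password bytes]"


def scrub(text):
    """Redact the dumps; return (clean_text, [(marker, byte_count), ...])."""
    out, findings, in_dump = [], [], False
    for line in text.splitlines():
        prefix = QUOTE.match(line).group(0)
        body = line[len(prefix):].strip()
        if body in MARKERS:
            in_dump = True
            findings.append([body, 0])
            out.append(line)
        elif in_dump and HEX_LINE.fullmatch(body):
            if findings[-1][1] == 0:  # emit one placeholder per dump
                out.append(prefix + REDACTED)
            findings[-1][1] += len(body.split())
        else:
            in_dump = False
            out.append(line)
    return "\n".join(out) + "\n", [tuple(f) for f in findings]


def same_secret(utf8_dump, ucs2_dump):
    """True if the second dump is the big-endian UCS-2 form of the first."""
    first = bytes(int(t, 16) for t in utf8_dump.split()).rstrip(b"\0")
    second = bytes(int(t, 16) for t in ucs2_dump.split())
    # UTF-16-BE equals UCS-2 for characters in the Basic Multilingual Plane.
    return first.decode("utf-8").encode("utf-16-be") + b"\0\0" == second


if __name__ == "__main__":
    clean, found = scrub(SAMPLE)
    print(clean, found)
```

The findings list records only the marker and byte count, so the scrubber's own report does not repeat the secret.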