alkar1 / droidsshd

Automatically exported from code.google.com/p/droidsshd
0 stars 0 forks source link

Password on command line visible from /proc #31

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install droidsshd
2. Set a password and start the server on boot
3. Look at the output of `ps`, weeks later, and realize the password has been 
available in plain text the whole time for any user who could read /proc

What is the expected output? What do you see instead?
The expected output is *nothing*, if it could be used maliciously.  Not even 
droidsshd should know its password.

What version of the product are you using? On what operating system?
droidsshd 0.5
Android 4.0.4

Please provide any additional information below.
Remember: This report will be publicly visible. So, don't include passwords or 
other confidential information.

The irony.

Original issue reported on code.google.com by eric.boc...@gmail.com on 5 Dec 2012 at 3:26