You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by "Andy Kurth (JIRA)" <ji...@apache.org> on 2015/08/12 19:12:46 UTC
[jira] [Updated] (VCL-885) Windows.pm::sanitize_files doesn't
remove password if default changed since capture
[ https://issues.apache.org/jira/browse/VCL-885?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy Kurth updated VCL-885:
---------------------------
Fix Version/s: (was: 2.4.3)
2.5
Issue Type: Bug (was: Improvement)
Summary: Windows.pm::sanitize_files doesn't remove password if default changed since capture (was: Windows.pm::sanitize_files doesn't remove password if changed since capture)
> Windows.pm::sanitize_files doesn't remove password if default changed since capture
> -----------------------------------------------------------------------------------
>
> Key: VCL-885
> URL: https://issues.apache.org/jira/browse/VCL-885
> Project: VCL
> Issue Type: Bug
> Components: vcld (backend)
> Affects Versions: 2.4.2
> Reporter: Andy Kurth
> Assignee: Andy Kurth
> Fix For: 2.5
>
>
> The password of the root and Administrator accounts in Windows images get set to a known value stored in _vcld.conf_ when an image is captured. These accounts' passwords are randomized after an image is loaded.
> There is at least one script (_autologon_enable.cmd_) stored in Windows images which contains the default password. {{Windows.pm::sanitize_files}} attempts to remove the default password from this script and other files it finds under _C:\Cygwin\home\root_.
> If the default password is changed in _vcld.conf_ after an image is captured, the old password will not be removed from the files because the VCL process only searches for the current value. This should be improved.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)