Fwd: Bug#996330: wpasupplicant: wpa_supplicant logs sensitive data in cleartext

Hi,

I’ve received this bug report against the Debian package for wpasupplicant.

-- 
Cheers,
  Andrej

----- Original message -----
From: Vladimir K <pzs-fs@xxxxxxxxx>
To: Debian Bug Tracking System <submit@xxxxxxxxxxxxxxx>
Subject: Bug#996330: wpasupplicant: wpa_supplicant logs sensitive data in cleartext
Date: Wednesday, 13 October 2021 09:39

Package: wpasupplicant
Version: 2:2.9.0-22+b1
Severity: important

Dear Maintainer, wpa_supplicant cannot use a hardware token again if it was
unplugged at some point after previous use by wpa_supplicant; it requires a service restart.
(Other applications do not experience such problems.)
The other problem is that on any error with the token it dumps the PIN in clear text to the log:
    
    Oct 13 10:00:22 hostname wpa_supplicant[3834594]: ENGINE: cannot load private key with id 'pkcs11:{full_pkcs11_url}?pin-value={cleartext_pin_value}' [error:8206B032:PKCS#11 module:pkcs11_find_keys:Device removed]

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (900, 'testing'), (400, 'unstable'), (300, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-2-amd64 (SMP w/8 CPU threads)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages wpasupplicant depends on:
ii  adduser            3.118
ii  libc6              2.32-4
ii  libdbus-1-3        1.12.20-2
ii  libnl-3-200        3.4.0-1+b1
ii  libnl-genl-3-200   3.4.0-1+b1
ii  libnl-route-3-200  3.4.0-1+b1
ii  libpcsclite1       1.9.4-1
ii  libreadline8       8.1-2
ii  libssl1.1          1.1.1l-1
ii  lsb-base           11.1.0

wpasupplicant recommends no packages.

Versions of packages wpasupplicant suggests:
ii  libengine-pkcs11-openssl  0.4.11-1
ii  wpagui                    2:2.9.0-22+b1

-- no debconf information


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
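
The leak reported above comes from formatting the full PKCS#11 URI, including its `pin-value` query attribute, into an error message. The following is an added example, not code from wpa_supplicant or from the report: a hypothetical helper, `redact_pkcs11_uri`, that masks `pin-value` (RFC 7512 query syntax assumed) before the URI reaches a log call; the sample URI and PIN are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Copy a PKCS#11 URI (RFC 7512) into out, replacing the value of every
 * pin-value query attribute with a fixed marker so the result is safe to log.
 * Returns 0 on success, -1 if out is too small (out is then an empty string). */
static int redact_pkcs11_uri(const char *uri, char *out, size_t out_len)
{
    static const char key[] = "pin-value=";
    static const char mask[] = "<redacted>";
    const size_t key_len = sizeof(key) - 1, mask_len = sizeof(mask) - 1;
    size_t o = 0;
    const char *p = uri;

    if (out_len == 0)
        return -1;
    while (*p) {
        /* Query attributes follow '?' and are separated by '&'. */
        int at_attr = p > uri && (p[-1] == '?' || p[-1] == '&');
        if (at_attr && strncmp(p, key, key_len) == 0) {
            if (o + key_len + mask_len >= out_len)
                goto too_small;
            memcpy(out + o, key, key_len);
            memcpy(out + o + key_len, mask, mask_len);
            o += key_len + mask_len;
            p += key_len;
            while (*p && *p != '&')   /* skip the secret itself */
                p++;
            continue;
        }
        if (o + 1 >= out_len)
            goto too_small;
        out[o++] = *p++;
    }
    out[o] = '\0';
    return 0;
too_small:
    out[0] = '\0';   /* never leave a partially redacted URI behind */
    return -1;
}

int main(void)
{
    /* Constructed sample URI and PIN, not taken from the report. */
    const char *uri = "pkcs11:token=demo;id=%01;type=private?pin-value=123456";
    char safe[256];

    if (redact_pkcs11_uri(uri, safe, sizeof(safe)) == 0)
        printf("ENGINE: cannot load private key with id '%s'\n", safe);
    return 0;
}
```
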



