I was browsing the wiki page for toribash, and it's having a database issue. But one thing I noticed is it tells you the root password :o.

121630

Um it doesn't tell you the root password. All it shows you is the database username.

too verbose error feedback is a indeed a (small) security issue as it can reveal some of the inner workings of the application, which can be helpful to someone looking for an attack vector,
but where exactly do you see that root password ?

too verbose error feedback is a indeed a (small) security issue as it can reveal some of the inner workings of the application, which can be helpful to someone looking for an attack vector,
but where exactly do you see that root password ?

at the bottom.

Are you interpreting "YES" as the root password? :p

121630 ?


[edit]
Nope.. thats comment No.

Are you interpreting "YES" as the root password? :p

Maybe :-\"

Well, that just shows that a password is being used in the connection attempt (as opposed to "using password: NO" if someone forgot to include it).

FYI security issues are probably not best reported in the Cafe on these forums.

There is a security section here.

Better yet use Launchpad, there is an option to report a bug as a security risk.

As the question is asked and answered, and this is not the right place, thread closed.