tian lan's picture


I've recently found 2 passwords in the source code of sencha-12.0.

one is "I7aUlKKVtAUececg" in turnkey-sencha-12.0-squeeze-x86-xen\etc\mysql\debian.cnf

the other is "ZeoJDU8l6a7X" in turnkey-sencha-12.0-squeeze-x86-xen\etc\phpmyadmin\config-db.php

is this a security bug?

Alon Swartz's picture

TurnKey Inithooks handle secret regeneration on firstboot very early in the boot process, so the services aren't running yet so there shouldn't even be a window of vulnerability.

As for the passwords you mentioned, they are handled in 20regen-mysql-secrets and 20regen-pmapass

tian lan's picture

thanks for your quick reply~~~

best wishes!

tian lan

Add new comment