[Bug 975] Kerberos authentication timing can leak information about account validity
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 27 18:24:23 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=975
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #778 is|0 |1
obsolete| |
------- Additional Comments From dtucker at zip.com.au 2005-01-27 18:24 -------
Created an attachment (id=790)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=790&action=view)
check authctxt->valid on return too
I think it's safer to check authctxt->valid anyway in case, eg in case the user
is listed in DenyUsers.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list