[Bug 975] Kerberos authentication timing can leak information about account validity

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jan 27 18:24:23 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=975


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #778 is|0                           |1
           obsolete|                            |




------- Additional Comments From dtucker at zip.com.au  2005-01-27 18:24 -------
Created an attachment (id=790)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=790&action=view)
check authctxt->valid on return too

I think it's safer to check authctxt->valid anyway in case, eg in case the user
is listed in DenyUsers.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list