[Galen Hancock <galen at veribox.net>] Information leakage in sshd

Philip Hands phil at hands.com
Fri Mar 10 04:12:02 EST 2000


Thought I'd just forward this here, because I don't have time to look
into it right now, and am off skiing next week.

I'd guess that we should be checking for username = ``root'' before
going off to do password checks, and rejecting it on that basis first.

Cheers, Phil.
Mind-numbingly stupid UK law alert!
Act now to stop it!   http://www.stand.org.uk/
-------------- next part --------------
An embedded message was scrubbed...
From: Galen Hancock <galen at veribox.net>
Subject: Information leakage in sshd
Date: Wed, 8 Mar 2000 11:20:39 -0800
Size: 1430
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20000309/7f094309/attachment.mht 
-------------- next part --------------

More information about the openssh-unix-dev mailing list