[Bug 235] New: While PermitEmptyPasswords no, user can connect, entering ANY other password
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun May 5 23:45:52 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=235
Summary: While PermitEmptyPasswords no, user can connect,
entering ANY other password
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: maxim at idknet.com
set "PermitEmptyPasswords no" in sshd_config
useradd test
vi shadow for setting EMPTY password
ssh test at localhost
after prompt "test at localhost's password:", enter any non empty password.
Authorization succeeds and "remote" user gain access to system.
It also valid if user is root.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list