[Bug 503] New: Password is echoed when running passwd via ssh

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 8 01:48:53 EST 2003


           Summary: Password is echoed when running passwd via ssh
           Product: Portable OpenSSH
           Version: 3.4p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: security
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: kj at uue.org

client and server systems are RedHat 7.2 with openssh-3.1p1-6. When running "ssh
<otherhost> passwd <username>", the password is visible on the console:

[root at host1 root]# ssh host2 passwd user1
New password: <password visible here!>
Retype new password: <password visible here!>
Changing password for user user1
passwd: all authentication tokens updated successfully

I also ran tests with v3.4p1 on RedHat 8.0 as well as with and without public
key authentication, where this problem also occured.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list