[Bug 486] "PermitRootLogin no" can implicitly reveal root password
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 6 10:08:36 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=486
cjwatson at debian.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Additional Comments From cjwatson at debian.org 2003-05-06 10:08 -------
This has reoccurred as of 3.6.1p2. With 3.6.1p1, there was no delay for a root
login when PermitRootLogin was off regardless of whether the supplied password
was correct or not. With 3.6.1p2 and "PermitRootLogin no", an incorrect password
for root incurs a delay while a correct password does not.
(Apologies if this should have been a new bug.)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list