[Bug 486] "PermitRootLogin no" can implicitly reveal root password

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 6 10:08:36 EST 2003


cjwatson at debian.org changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

------- Additional Comments From cjwatson at debian.org  2003-05-06 10:08 -------
This has reoccurred as of 3.6.1p2. With 3.6.1p1, there was no delay for a root
login when PermitRootLogin was off regardless of whether the supplied password
was correct or not. With 3.6.1p2 and "PermitRootLogin no", an incorrect password
for root incurs a delay while a correct password does not.

(Apologies if this should have been a new bug.)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-unix-dev mailing list