login passwd not masked in remote command modus
Tom
tom at penumbra.be
Sat Nov 12 02:33:51 EST 2005
Hi,
I've recently discovered a rather nasty bug. My login password is
visible when I use the following command:
arioch at server ~ $ ssh arioch at 192.168.0.1 sudo tail -f /var/log/messages; exit
Password: ********** (user - masked)
Password: my_not-so-secret-anymore_password (root - not masked)
-tail output-
This has been tested with openssh on OpenBSD, FreeBSD and Gentoo/Linux,
all with up-to-date versions of both OpenSSH and Sudo and the output is
equally the same.
Hoping to be of any service,
Tom D.V.
--
tom at penumbra.be
arioch at penumbra.be
More information about the openssh-unix-dev
mailing list