Information leakage in sshd
Jarno Huuskonen
jhuuskon at messi.uku.fi
Fri Dec 29 00:36:50 EST 2000
On Thu, Dec 28, Christian Kurz wrote:
> and here's a security related bug report. I think it's has been fixed in
> the 2.2.x-release of openssh, but I'm not sure. I tried to reproduce the
> problem with my 2.2.0p1 and could find any difference in the behaviour
> of ssh depending on wether PermitRootLogin was set to no. Could someone
> please confirm that this problem is not existing anymore?
I couldn't reproduce this with openssh-2.3.0p1 ... Here's output:
root at localhost's password:
Permission denied, please try again.
root at localhost's password:
Permission denied, please try again.
root at localhost's password:
Unable to find an authentication method
Here I gave the right passwd on first try and incorrect passwd on the 2nd/3rd
try.
-Jarno
--
Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi
University of Kuopio - Computer Centre | Work: +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland | Mobile: +358 40 5388169
More information about the openssh-unix-dev
mailing list