Possible security problem in hostbased user authentication?

Choung S. Park / Choung Networks cspark at choung.net
Thu Oct 6 11:51:04 EST 2005


In auth2-hostbased.c, line #146

    if (auth_rhosts2(pw, cuser, chost, chost) == 0)
                                       ^^^^^

shouldn't this be

    if (auth_rhosts2(pw, cuser, chost, ipaddr) == 0)
                                       ^^^^^^

The code was found in 4.2.

Best regards,
Choung S.Park




More information about the openssh-unix-dev mailing list