Date: Tue, 11 Feb 2003 21:22:13 -0800 From: Kris Kennaway <kris@obsecurity.org> To: BSD baby <bsd@hitmedia.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: OpenSSH security hole on FreeBSD? Message-ID: <20030212052213.GA31883@rot13.obsecurity.org> In-Reply-To: <20030211194457.A22618@mail.hitmedia.com> References: <20030211194457.A22618@mail.hitmedia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--/9DWx/yDrRhgMJTb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 11, 2003 at 07:44:57PM -0800, BSD baby wrote: > TWO major security holes: >=20 > #1 - It won't let me turn off passwords=20 > (PasswordAuthentication no) Don't know about this one. > #2 - It only requires I type the first 8 characters > of my password! (I use 16-character password.) That's because you're using DES passwords, which only allow 8 characters. See login.conf(5). Kris --/9DWx/yDrRhgMJTb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+SdoFWry0BWjoQKURAkByAJ92NLjCxrmcTzZlu4fT0NezZmCv/ACbBNfd oj2Kr0LTxmvIXrI+v/tPC2o= =3TuZ -----END PGP SIGNATURE----- --/9DWx/yDrRhgMJTb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030212052213.GA31883>