Date: Sun, 27 Oct 2013 23:00:49 +0100
From: Patrick Proniewski <patpro@patpro.net>
To: Liste FreeBSD-security <freebsd-security@freebsd.org>
Cc: des@des.no, Andrei <az@azsupport.com>
Subject: Re: OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Message-ID: <EE68A65B-660F-480B-88E6-73E7D1C8359F@patpro.net>
In-Reply-To: <20131027225016.3cdab10e@azsupport.com>
References: <20131023135408.38752099@azsupport.com> <1382529986.729788.498652166.90148.2@c-st.net> <86y55emw8a.fsf@nine.des.no> <20131027195755.00b0cb2c@azsupport.com> <86txg2mm9n.fsf@nine.des.no> <20131027225016.3cdab10e@azsupport.com>
On 27 oct. 2013, at 22:50, Andrei wrote:
> On Sun, 27 Oct 2013 22:33:56 +0100
> Dag-Erling Smørgrav <des@des.no> wrote:
>
>> Andrei <az@azsupport.com> writes:
>>> In /etc/pam.d/sshd from:
>>> auth required pam_unix.so no_warn try_first_pass
>>> to:
>>> auth required pam_unix.so no_warn try_first_pass authtok_prompt
>>>
>>> Right?
>>
>> auth required pam_unix.so no_warn try_first_pass authtok_prompt="Password:"
>>
>> BTW, I recently noticed that try_first_pass doesn't work as documented
>> (and hasn't for ten years), but I haven't had time to fix it yet.
>
> You might be surprised, but authtok_prompt="Password:" has the same results as
> just authtok_prompt. Empty screen and no "Password:" prompt.
> FreeBSD 9.2 tested.
Same here (9.2-RELEASE amd64), whatever I put for authtok_prompt.
The end of a verbose attempt reads:
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
and then, nothing.
patpro