From owner-freebsd-bugs Thu Feb 11 13:40:07 1999
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id NAA21695
	for freebsd-bugs-outgoing; Thu, 11 Feb 1999 13:40:07 -0800 (PST)
	(envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA21646
	for ; Thu, 11 Feb 1999 13:40:03 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.2/8.9.2) id NAA03929;
	Thu, 11 Feb 1999 13:40:01 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from nobody@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id NAA21119;
	Thu, 11 Feb 1999 13:35:32 -0800 (PST)
	(envelope-from nobody)
Message-Id: <199902112135.NAA21119@hub.freebsd.org>
Date: Thu, 11 Feb 1999 13:35:32 -0800 (PST)
From: kaiserppo@erols.com
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: i386/10037: Security Hole -- Easy way to get users passwords
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         10037
>Category:       i386
>Synopsis:       Security Hole -- Easy way to get users passwords
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Feb 11 13:40:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Ben Howard
>Release:        2.2.6 i386
>Organization:
>Environment:
FreeBSD rasputin.net 2.2.6 RELEASE FreeBSD 2.2.6-RELEASE #5 Wed Feb 3,19:15:05 GMT 1999 toor@rasputin.net:/usr/src/sys/compile/RASPUTIN i386
>Description:
Simple: a superuser can run cat on /dev/ttyvX (X being the virtual
terminal number). When a user enters their password, the superuser can
see the password.
>How-To-Repeat:
Log on as a superuser
type: cat /dev/ttyvX
then flop over to that terminal
log on
go back to the terminal where you logged on as superuser
notice the lovely password that you now have.
>Fix:
No known fix. But it is illegal for businesses, schools, etc. to archive
passwords of their users. This also works for network logons.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message