Date: Tue, 29 Oct 2013 13:42:52 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Andrei <az@azsupport.com> Cc: freebsd-security@freebsd.org Subject: Re: OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected) Message-ID: <86li1cmenn.fsf@nine.des.no> In-Reply-To: <20131027225016.3cdab10e@azsupport.com> (Andrei's message of "Sun, 27 Oct 2013 22:50:16 %2B0100") References: <20131023135408.38752099@azsupport.com> <1382529986.729788.498652166.90148.2@c-st.net> <86y55emw8a.fsf@nine.des.no> <20131027195755.00b0cb2c@azsupport.com> <86txg2mm9n.fsf@nine.des.no> <20131027225016.3cdab10e@azsupport.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrei <az@azsupport.com> writes: > You might be surprised, but authtok_prompt=3D"Password:" have same > results as just authtok_prompt. Empty screen and no "Password:" > prompt. FreeBSD 9.2 tested. That's interesting. It works in 10.0 (OpenPAM Nummularia). I will try to find the bug and consider issuing an errata notice for 9.1 and 9.2. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86li1cmenn.fsf>