Date: Tue, 24 Dec 1996 18:41:25 -0800 (PST)
From: John-Mark Gurney <jmg@nike.efn.org>
To: freebsd-security@freefall.freebsd.org
Subject: attempted root login gives refused message when password correct instead of login incorrect...
Message-ID: <Pine.NEB.3.95.961224183835.1209P-100000@hydrogen>
well.. I just noticed that if you telnet in and try to login as root with the correct password... you get the refused message instead of the login incorrect message... this seems a security hole as you can "obtain" the root password through this method... am I being overly worried?

I have a patch that will report login incorrect when it's root when it was actually refused... this doesn't change the syslog entry... just what the user sees... thanks for your time...

John-Mark

gurney_j@efn.org
http://resnet.uoregon.edu/~gurney_j/
Modem/FAX: (541) 683-6954 (FreeBSD Box)

Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)
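
The behaviour reported in the message above and the proposed change, modelled side by side as an added example (not part of the original e-mail, not the author's patch, and not FreeBSD's login source). The struct names, function names and message strings are constructed assumptions; `distinguishable()` checks whether a user on a refused terminal can tell a correct root password from a wrong one.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model; names and message strings are assumptions. */
struct attempt { const char *user; int password_ok; int tty_secure; };
struct verdict { int granted; const char *shown; const char *logged; };

static int root_refused(const struct attempt *a)
{
    return strcmp(a->user, "root") == 0 && !a->tty_secure;
}

/* Reported behaviour: the refusal text is only reachable with a correct password. */
struct verdict decide_leaky(const struct attempt *a)
{
    struct verdict v = { 0, "Login incorrect", "LOGIN FAILURE" };
    if (!a->password_ok)
        return v;
    if (root_refused(a)) {
        v.shown = "login refused";
        v.logged = "ROOT LOGIN REFUSED";
        return v;
    }
    v.granted = 1; v.shown = ""; v.logged = "LOGIN OK";
    return v;
}

/* Proposed behaviour: same syslog entry, but the user sees the generic failure. */
struct verdict decide_uniform(const struct attempt *a)
{
    struct verdict v = decide_leaky(a);
    if (!v.granted)
        v.shown = "Login incorrect";
    return v;
}

/* 1 if a user on a refused terminal can tell a right password from a wrong one. */
int distinguishable(struct verdict (*decide)(const struct attempt *))
{
    struct attempt good = { "root", 1, 0 }, bad = { "root", 0, 0 };
    struct verdict g = decide(&good), b = decide(&bad);
    return g.granted != b.granted || strcmp(g.shown, b.shown) != 0;
}

int main(void)
{
    printf("leaky: %d uniform: %d\n",
           distinguishable(decide_leaky), distinguishable(decide_uniform));
    return 0;
}
```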
