Date: Tue, 04 Apr 2000 12:25:30 +0200 From: Sheldon Hearn <sheldonh@uunet.co.za> To: Bob Johnson <bobj@atlantic.net> Cc: questions@FreeBSD.ORG Subject: Re: 3.4-R telnetd doesn't prompt for password on bad user id Message-ID: <87113.954843930@axl.ops.uunet.co.za> In-Reply-To: Your message of "Mon, 03 Apr 2000 22:30:04 -0400." <3.0.6.32.20000403223004.009bbb50@rio.atlantic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 03 Apr 2000 22:30:04 -0400, Bob Johnson wrote: > Two of them are 3.4-RELEASE Mon Dec 20 1999. If I telnet to either of > them, it does not prompt for a password if I enter an invalid user id: > it simply prints "Login incorrect" and displays the login prompt again. > This allows a bored attacker to try logins until he hits a valid userid. Weird. I'm using 5.0-CURRENT and I don't see this. Two things come to mind, though: 1) Are you _sure_ you're using the stock /usr/libexec/telnetd ? 2) Are you perhaps using Kerberized telnet? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87113.954843930>