Date: Thu, 11 Feb 1999 14:20:01 -0800 (PST) From: Bill Fumerola <billf@jade.chc-chimes.com> To: freebsd-bugs@FreeBSD.ORG Subject: Re: i386/10037: Security Hole -- Easy way to get users passwords Message-ID: <199902112220.OAA07142@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR i386/10037; it has been noted by GNATS. From: Bill Fumerola <billf@jade.chc-chimes.com> To: kaiserppo@erols.com Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: i386/10037: Security Hole -- Easy way to get users passwords Date: Thu, 11 Feb 1999 17:20:40 -0500 (EST) On Thu, 11 Feb 1999 kaiserppo@erols.com wrote: > >Description: > Simple- a superuser can run cat on the /dev/ttyvX (X being the virtual > terminal number), when a user enters in there password, the superuser > can see the password. This is not a bug. The password has to be read somehow. > >Fix: > No know fix. But it is illegal for buisnesses, schools, etc. to archive > password of their users. This also works for network logons. Since when? - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902112220.OAA07142>