Date: Mon, 24 Mar 1997 03:03:20 PST
From: Bill Fenner <fenner@parc.xerox.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/3084: possible to determine lack of root password over the network
Message-ID: <199703241103.LAA04413@sundae.parc.xerox.com>
Resent-Message-ID: <199703242250.OAA16503@freefall.freebsd.org>

>Number:         3084
>Category:       bin
>Synopsis:       possible to determine lack of root password over the network
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 24 14:50:01 PST 1997
>Last-Modified:
>Originator:     Bill Fenner
>Organization:   Xerox
>Release:        FreeBSD 2.2-RELEASE i386
>Environment:

	Just installed a fresh 2.2-RELEASE, haven't gotten around to
	setting a root password yet.

>Description:

	Telnetting to the machine and attempting to log on as root exposes
	the fact that there is no root password, even though the message was
	changed from "root login refused" to "login incorrect":

	FreeBSD (sundae.parc.xerox.com) (ttyp1)

	login: root
	Login incorrect
	login:

>How-To-Repeat:

	Try to log on as root on an insecure pty on a machine with no root
	password.

>Fix:

	Ask for a password even if root doesn't have one, if you're going
	to say "login incorrect" to try to hide information.

>Audit-Trail:
>Unformatted:
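
The disclosure described in this report, as an added example that is not part of the original message and is not FreeBSD's login(1) source: a simplified C model that compares what a remote user sees for a root account with and without a password, before and after the proposed fix. The struct, function names and placeholder hash are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; not FreeBSD's login(1) source. */
struct account { const char *pw_hash; bool is_root; };

/* Constructed sample accounts; the hash is a placeholder, not a real one. */
static const struct account ROOT_NO_PW   = { "", true };
static const struct account ROOT_WITH_PW = { "$constructed$placeholder", true };

static bool has_password(const struct account *a) { return a->pw_hash[0] != '\0'; }

/* What the remote user sees after typing the login name.
 * fixed=false: prompt only when a password is set (behaviour in the report).
 * fixed=true:  also prompt when the login will be refused anyway. */
static const char *transcript(const struct account *a, bool tty_secure,
                              bool guess_ok, bool fixed)
{
    bool refuse = a->is_root && !tty_secure;   /* root barred on insecure tty */
    bool prompt = has_password(a) || (fixed && refuse);
    bool accept = !refuse && (!has_password(a) || guess_ok);

    if (prompt)
        return accept ? "Password:\n<shell>" : "Password:\nLogin incorrect";
    return accept ? "<shell>" : "Login incorrect";
}

/* True when the two root accounts are distinguishable from an insecure tty. */
static bool leaks_empty_root_password(bool fixed)
{
    return strcmp(transcript(&ROOT_NO_PW, false, false, fixed),
                  transcript(&ROOT_WITH_PW, false, false, fixed)) != 0;
}

int main(void)
{
    printf("as reported: distinguishable=%d\n", leaks_empty_root_password(false));
    printf("with fix:    distinguishable=%d\n", leaks_empty_root_password(true));
    return 0;
}
```

In this model the fix only adds a prompt on the path that is already going to be refused, so a password-less account on a secure tty still logs in without one.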