Date: Mon, 03 Apr 2000 22:30:04 -0400 From: Bob Johnson <bobj@atlantic.net> To: questions@freebsd.org Subject: 3.4-R telnetd doesn't prompt for password on bad user id Message-ID: <3.0.6.32.20000403223004.009bbb50@rio.atlantic.net>
next in thread | raw e-mail | index | archive | help
I have 4 FreeBSD systems. One is 2.2.8 and is fine for the purposes of this question. One is 3.4-RC#4 Fri Dec 17 1999, and it also has no significant problems, although I don't know why I installed 3.4-RC and never upgraded it. Two of them are 3.4-RELEASE Mon Dec 20 1999. If I telnet to either of them, it does not prompt for a password if I enter an invalid user id: it simply prints "Login incorrect" and displays the login prompt again. This allows a bored attacker to try logins until he hits a valid userid. One of the two 3.4-RELEASE systems has a kernel built from 3.4-STABLE sources Mon, Mar 27, 2000. The other uses the GENERIC kernel from the original install. Both seem to behave the same. So: 1) Is this a known problem that I just couldn't find in the archives, or 2) have I managed to misconfigure something to cause this? I'm not at all sure I have enough drive space left (not to mention spare time) to build a 3.4-STABLE system. And yes, I normally use SSH. I would have discovered this much sooner if I didn't. -- Bob +-------------------------------------------------------- | Bob Johnson | bobj@atlantic.net +-------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.6.32.20000403223004.009bbb50>