Subject: root password : security hole ?
To: None <email@example.com>
From: Florence HENRY <Florence.Henry@obspm.fr>
Date: 03/11/2003 18:52:24
I know it's a bad idea to log in as root via telnet but I tried once to
test s/key, and I found something strange.
If you give the bad password, telnetd behaves as usual :
But if you give the good one, it says :
root login refused on this terminal.
On a digital unix, both give Login incorrect.
I know there is little chance that a someone (human or not) guesses the
root password as first try, but I don't like the idea to give anyone
any indication about the root password.
What do you think about that ? Could it be a security hole ?
florence point henry arobasse obspm point fr