Subject: Re: root password : security hole ?
To: Florence HENRY <Florence.Henry@obspm.fr>
From: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
List: netbsd-users
Date: 03/12/2003 10:12:31
--7ZAtKRhVyVSsbBD2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

hi,

On Tue, Mar 11, 2003 at 06:52:24PM +0100, Florence HENRY wrote:


> But if you give the good one, it says :
> root login refused on this terminal.
>=20
> On a digital unix, both give Login incorrect.
>=20
> I know there is little chance that a someone (human or not) guesses the
> root password as first try, but I don't like the idea to give anyone
> any indication about the root password.
>=20
> What do you think about that ? Could it be a security hole ?

You reveal that the root password was correct. Hm.... Yes, I think=20
it should always say "Login incorrect." or maybe always "root login
refused on this terminal."

	-is

--7ZAtKRhVyVSsbBD2
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.i

iQEVAgUBPm75/DCn4om+4LhpAQGoUwf+PL/RriYJvkeI0X96wsjmgPa+MyLJQ+8q
Q4wLT9jeRhTzVOYZyGUOECSC7F4pG8tvj48BhGPo1hoRBZ5n7+uGP5LebnPYLl3r
TfRaaSFAdBfl2ZlUCL6IHiDZqZMK6VqQJQK4qV/ib8d+JCC8iOUQl9wI+R7ucTfw
gHjxz7gDhLUuh8Lh5BREp1+Z7dHShTj+dh644B3Jl620HCLqPPcsoKw5ZPauaOir
6o3eATgVtz9+ASIe5aM5qTdq1enbbCloW2gPjfCEcaI2iwOIW6vp5Azwm/jlZizY
G9BjdhpquwFekT0pVyj0n7TZEFd4YkiGHuhuRJbAGTuJW6UZ7QcnAw==
=/6kn
-----END PGP SIGNATURE-----

--7ZAtKRhVyVSsbBD2--