OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Dag-Erling Smørgrav
des at des.no
Tue Oct 29 12:42:58 UTC 2013
Andrei <az at azsupport.com> writes:
> You might be surprised, but authtok_prompt="Password:" have same
> results as just authtok_prompt. Empty screen and no "Password:"
> prompt. FreeBSD 9.2 tested.
That's interesting. It works in 10.0 (OpenPAM Nummularia). I will try
to find the bug and consider issuing an errata notice for 9.1 and 9.2.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list