OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)

Dag-Erling Smørgrav des at des.no
Tue Oct 29 12:42:58 UTC 2013


Andrei <az at azsupport.com> writes:
> You might be surprised, but authtok_prompt="Password:" has the same
> results as just authtok_prompt. Empty screen and no "Password:"
> prompt.  FreeBSD 9.2 tested.

That's interesting.  It works in 10.0 (OpenPAM Nummularia).  I will try
to find the bug and consider issuing an errata notice for 9.1 and 9.2.

DES
-- 
Dag-Erling Smørgrav - des at des.no

