[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#741678: It is possible to use live user account to log in via SSH

severity 741678 normal
tag 741678 - security
tag 741678 moreinfo
thanks

On 03/15/2014 03:24 PM, Evgeny Kapun wrote:
> By default, live-config creates a user with known name (user) and password (live). In live images with included openssh-server, this means that anyone can log into a live system immediately once it connects to a network (which it tries to do during boot).

that is a well known and documented fact since always. what do you
suggest to do differently and how exactly?

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          daniel.baumann@progress-technologies.net
Internet:       http://people.progress-technologies.net/~daniel.baumann/
Reply to: