Bug#741678: It is possible to use live user account to log in via SSH
severity 741678 normal
tag 741678 - security
tag 741678 moreinfo
thanks
On 03/15/2014 03:24 PM, Evgeny Kapun wrote:
> By default, live-config creates a user with known name (user) and password (live). In live images with included openssh-server, this means that anyone can log into a live system immediately once it connects to a network (which it tries to do during boot).
that is a well known and documented fact since always. what do you
suggest to do differently and how exactly?
--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/
Reply to: