[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Putty 0.45 vs. SSH Login

On Sun, May 05, 2002 at 02:49:56PM +0200, Vincent Hanquez <tab@crans.org> wrote:
> On Sun, May 05, 2002 at 09:33:36AM +0300, Rauno Linnam?e wrote:
>> When PermitRootLogin is set to no in /etc/ssh/sshd_config (as it
>> should be), tryimg to log in as root using PuTTY 0.45: 1. after typing
>> the correct password, the "Access denied" message line is returned
>> immediately 
> it's in my humble opinion normal, because the acces denied is done by
> sshd and not by PAM

It may be normal and even expected behaviour, but it's still an
information leak and therefore a potential security issue.

Tim van Erven <tripudium@chello.nl>
OpenPGP Key ID: 712CB811        Fingerprint: F6C9 61EE 242C C012 36D5
                                             BBF8 6310 D557 712C B811

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: