At 2017-07-26T11:51:10+0200, Nicolas George wrote:
> Package: xdm
> Version: 1:1.1.11-3
> Severity: normal
>
> Dear Maintainer,
>
> When somebody tries to log in and fails, xdm writes the given user name in
> the system logs. Unfortunately, typing the password in the login field is a
> common mistake. When that happens, xdm logs it too. That leaves the
> password of a user in clear in the system logs. It is not very
> important, but still a little security concern since normally passwords
> are stored permanently on the system only in hashed form.
>
> The corresponding log line looks like this:
>
> Jul 26 11:32:31 hellroy xdm[1004]: LOGIN FAILURE ON :0, XXXXXXXXXXX
>
> (I have redacted the login that was actually a password.)
>
> It may be better to not log it at all, or maybe only log it when it matches
> an actual login name.

Hmm, yes, that's bad.

Here's a quick-and-dirty, untested patch. I didn't even compile-test it
because I can't get stock xdm to build on my Debian Stretch system. The xdm
codebase is choked with bad style (unused results, discarded qualifiers) that
causes the compile to bomb long before it gets to greet.c.

"Somebody should do something about that," he said, peering around a corner
into a mirror.

Regards,
Branden
--- xdm-1.1.11/greeter/greet.c.orig 2017-07-28 14:20:44.649055209 -0400 +++ xdm-1.1.11/greeter/greet.c 2017-07-28 14:21:09.812798680 -0400 @@ -405,12 +405,9 @@ FailedLogin (struct display *d, const char *username) { #ifdef USE_SYSLOG - if (username == NULL) - username = "username unavailable"; - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "LOGIN FAILURE ON %s, %s", - d->name, username); + "LOGIN FAILURE ON %s", + d->name); #endif DrawFail (login); }
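Review bot: the hunk deletes the `syslog(LOG_AUTHPRIV|LOG_NOTICE,` line together with the two lines it means to replace, but only re-adds `"LOGIN FAILURE ON %s",` and `d->name);`, so after the patch the USE_SYSLOG branch of FailedLogin() is a stray string literal followed by a dangling `d->name);` and will not compile. The syslog line should remain as unchanged context, or be put back as `+ syslog(LOG_AUTHPRIV|LOG_NOTICE,` ahead of the two new lines. Also, with the `username == NULL` fallback gone, the `username` parameter of FailedLogin() is never read; either drop it from the signature and its callers or mark it unused, so the change does not add another warning to a build the cover note already describes as warning-heavy.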
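The bug report's second suggestion, logging the submitted name only when it matches an actual account, is shown below as an added example; it is not xdm code, not Branden's patch, and not part of the original thread. The helper names (`loggable_login_name`, `user_exists_passwd`, `failed_login_syslog`) and the `<unrecognised user>` placeholder are this example's own choices; the existence check is passed in as a function pointer so the stand-alone demo can run with a constructed account list instead of the real passwd database.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Text written to the log whenever the submitted name is withheld. */
#define LOGIN_NAME_REDACTED "<unrecognised user>"

/* Existence predicate: returns non-zero if NAME is a real account. */
typedef int (*user_exists_fn)(const char *name);

/* Hypothetical helper: consult the system passwd database via getpwnam(). */
static int user_exists_passwd(const char *name)
{
    return name != NULL && getpwnam(name) != NULL;
}

/*
 * Hypothetical helper: write into OUT (size OUTLEN) the string that may go
 * into a "LOGIN FAILURE" log line. A NULL name or one that is not a known
 * account (which may well be a mistyped password) is replaced by a fixed
 * placeholder. Returns 1 if the real name was kept, 0 if it was redacted.
 */
int loggable_login_name(const char *name, user_exists_fn exists,
                        char *out, size_t outlen)
{
    if (outlen == 0)
        return 0;
    if (name == NULL || !exists(name)) {
        snprintf(out, outlen, "%s", LOGIN_NAME_REDACTED);
        return 0;
    }
    /* "%s" as the format keeps any '%' in the name from being interpreted. */
    snprintf(out, outlen, "%s", name);
    return 1;
}

/*
 * Hypothetical replacement for the syslog part of xdm's FailedLogin():
 * same message shape as the original, but the name appears only when it
 * is a real account on this host.
 */
void failed_login_syslog(const char *display_name, const char *name)
{
    char shown[64];
    loggable_login_name(name, user_exists_passwd, shown, sizeof shown);
    syslog(LOG_AUTHPRIV | LOG_NOTICE, "LOGIN FAILURE ON %s, %s",
           display_name, shown);
}

/* Constructed account list for the demo: only "alice" exists. */
static int demo_exists(const char *name)
{
    return strcmp(name, "alice") == 0;
}

/* Demo helper: 1 if NAME would be logged exactly as EXPECT. */
int demo_logged_as(const char *name, const char *expect)
{
    char buf[64];
    loggable_login_name(name, demo_exists, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    /* Constructed inputs: a real user, a password typed into the login
     * field by mistake, and the "no name available" case. */
    const char *samples[] = { "alice", "hunter2", NULL };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        int kept = loggable_login_name(samples[i], demo_exists, buf, sizeof buf);
        printf("input=%s -> logged as \"%s\" (kept=%d)\n",
               samples[i] ? samples[i] : "(null)", buf, kept);
    }
    return 0;
}
```

The getpwnam() check is done against the local passwd database, so a name that only exists in a remote directory would be redacted too; if that matters, the predicate can be swapped for one backed by NSS or PAM without changing the logging path. What the check cannot prevent is a password that happens to equal a real account name, so the `LOG_AUTHPRIV` facility, which keeps the line out of world-readable logs, still matters.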