Bug#385035: [Pkg-shadow-devel] Bug#385035: Login should not allow
text to be entered between user and password
Matthew Flaschen
matthew.flaschen at gatech.edu
Tue Aug 29 02:08:57 UTC 2006
I can only assume you're correct. I have no intention of updating this
package to testing or unstable, as it is critical. I hope a limited
security update becomes available for stable soon.
Matt Flaschen
Christian Perrier wrote:
> Quoting Matthew Flaschen (matthew.flaschen at gatech.edu):
>> Package: login
>> Version: 4.0.3-31sarge8
>>
>> The problem is that after you type the username, but before the program
>> begins taking password input, it is possible to type directly into the
>> shell. This means that if someone begins typing their password
>> prematurely will have it displayed on screen, and logged.
>
>
> I absolutely can't reproduce this with login 4.0.18.1-2, ie the
> version in unstable (and soon testing).
>
>
More information about the Pkg-shadow-devel
mailing list