[Pkg-shadow-devel] Bug#721954: passwd: displays password when called via ssh directly
Vagrant Cascadian
vagrant at debian.org
Thu Sep 5 23:38:46 UTC 2013
Package: passwd
Version: 1:4.1.5.1-1
Severity: normal
When trying to change a passphrase over an ssh connection, normally the
passphrase isn't displayed:
vagrant at local:~$ ssh server
vagrant at server:~$ passwd
Changing password for vagrant.
(current) UNIX password:
When called via ssh directly, it echoes the passphrase:
vagrant at local:~$ ssh server passwd
(current) UNIX password: dlkgfjsdgfkjsd
I'm not sure if this is expected and correct behavior, but it seems prone to
shoulder-surfing and whatnot.
live well,
vagrant
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 'stable'), (500, 'oldstable'), (120, 'unstable'), (110, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages passwd depends on:
ii debianutils 4.3.2
ii libc6 2.13-38
ii libpam-modules 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libsemanage1 2.1.6-6
passwd recommends no packages.
passwd suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel
mailing list