Summary: | sys-apps/shadow: /bin/login displays plaintext password to console if process lasts unusually long | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | akiskapo <akis.kapo> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
akiskapo
2006-05-30 13:16:31 UTC
Setting to auditing for confirmation so the bug is that if a user types in their password when login hasnt prompted for it, the password can be seen on the console? I'm marking this as invalid, as if login hasnt prompted for it, you shouldnt type it in, so PEBKAC, we cant protect users who type in their password indiscrimnately from themselves. a ton of applications "suffer" from this "bug" you could do the same thing with ssh for example |