It is possible for a user with time on his hands to obtain a few login names on a SunOS 5.6 box with Desktop Login enabled.

At the gui login screen, the user is asked for a login name. When the user inputs it, the login client checks the user's preferences for which wm the user will use and displays the wm choice as a graphic to the right of the password prompt. If the user has chosen a different wm from the default (i.e. OpenWindows instead of CDE), this will be reflected by the picture on the right. Thus, an attacker could keep trying usernames until he finds one where the wm graphic is not the same as the default wm graphic.

This has been tested and confirmed on stock SunOS 5.6.

-Pete K

--
Pete Krawczyk
pkrawczy at uiuc dot edu -or- petek at mc dot net
http://www.uiuc.edu/ph/www/pkrawczy
Finger for PGP public key
If you attempt to mail me at pkrawczyat_private, I will not get it.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:28 PDT
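
The leak described in the message above, modelled as an added example (not part of the original post, and not Solaris or CDE code): a pre-authentication screen whose graphic depends on the typed name, beside a form that shows the default until the password has been verified, plus a regression check for the difference. All function names, the sample accounts and the control name are constructed for illustration.

```python
# Constructed model of the pre-authentication step of a graphical login
# greeter. All names and data are hypothetical, not Solaris/CDE code.

DEFAULT_SESSION = "CDE"

# Constructed sample accounts: login name -> saved session preference.
SAVED_SESSION = {
    "alice": "CDE",
    "bob": "OpenWindows",
}


def leaky_prompt(login_name):
    """Behaviour described in the post: the saved preference is looked up
    and drawn next to the password prompt before any authentication."""
    session = SAVED_SESSION.get(login_name, DEFAULT_SESSION)
    return {"prompt": "Password:", "graphic": session}


def uniform_prompt(login_name):
    """Hardened form: the pre-auth screen never depends on the name typed."""
    return {"prompt": "Password:", "graphic": DEFAULT_SESSION}


def session_after_auth(login_name, authenticated):
    """The preference is only consulted once the password has been checked."""
    if not authenticated:
        raise PermissionError("preference lookup requires authentication")
    return SAVED_SESSION.get(login_name, DEFAULT_SESSION)


def names_distinguishable(prompt_fn, real_names, control_name):
    """Regression check: return the real account names whose pre-auth screen
    differs from the screen shown for a name that does not exist."""
    baseline = prompt_fn(control_name)
    return sorted(n for n in real_names if prompt_fn(n) != baseline)


if __name__ == "__main__":
    control = "no-such-user"
    print("leaky  :", names_distinguishable(leaky_prompt, SAVED_SESSION, control))
    print("uniform:", names_distinguishable(uniform_prompt, SAVED_SESSION, control))
```

An account that kept the default choice is indistinguishable from a nonexistent name even in the leaky form, which matches the post's wording that only "a few" login names can be obtained.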