Well, I just checked it out on a fairly vanilla RH6.0 box, and it exhibited
the same behaviour. This is only a bug with PAM-enabled machines; Slackware,
etc. do not have this problem. Also, it exhibits this behaviour with or
without shadowed passwords (I pwunconv'd and tried it just now, same thing
happened). I think it's a problem with one of the PAM modules.

On Fri, 11 Jun 1999, C.J. Oster wrote:

> Not if you have the latest shadow package installed. If you type in an
> incorrect password, you get an immediate 'Sorry.' This may be correct for
> earlier versions of the shadow suite, but I don't remember and I only have
> the newest one installed. Latest version is at
> ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/
> >I was talking to some guy on IRC (st2) and he asked me to mention to
> >bugtraq (because he's not on the list) that the PAMified su that comes
> >with redhat has a slight hole. When you try to su to root (for example) if
> >it's successful, immediately gives you a shell prompt. Otherwise, it
> >delays a full second, then logs an authentication failure to syslog. If
> >you hit break in that second, no error, plus you know that the password
> >was bad, so you can brute force root's password. I wrote a little
> >threaded Perl prog that tested it (with a 0.25 second delay before the
> >break) to attack my own password (with my password in the wordlist) and it
> >seemed to work just fine, even with my own password hundreds of words down
> >in the list, so it seems pretty predictable, as long as the server's under
> >very little load (else you get a delay no matter what, and it screws the
> >whole process by giving false negatives).

---
tani hosokawa
river styx internet
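The failure path described in this thread (delay first, syslog second, both interruptible) can be reordered so that the audit record always exists before any wait begins. The following is an added example, not code from the original post or from su or PAM; `handle_auth_failure`, `audit_fn`, `audit_syslog` and `sigint_blocked_at_audit` are hypothetical names, and the audit hook doubles as a constructed probe so the ordering can be checked.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <syslog.h>
#include <time.h>

typedef void (*audit_fn)(const char *user);   /* hypothetical hook type */
int sigint_blocked_at_audit = -1;             /* constructed probe, set by the hook */

/* Writes the failure record and notes whether SIGINT was blocked at that moment. */
void audit_syslog(const char *user)
{
    sigset_t cur;
    sigprocmask(SIG_BLOCK, NULL, &cur);       /* NULL set: only query the mask */
    sigint_blocked_at_audit = sigismember(&cur, SIGINT);
    syslog(LOG_AUTHPRIV | LOG_NOTICE, "su: authentication failure for %s", user);
}

/* Log the failure first, then serve the delay with terminal signals blocked.
 * SIGKILL cannot be blocked, so the ordering is what guarantees the record.
 * Returns 0 on success, -1 on a negative delay or a signal-mask error. */
int handle_auth_failure(const char *user, audit_fn audit, long delay_ms)
{
    sigset_t block, saved;
    struct timespec ts = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
    if (delay_ms < 0)
        return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigaddset(&block, SIGQUIT);
    sigaddset(&block, SIGTSTP);
    sigaddset(&block, SIGHUP);
    if (sigprocmask(SIG_BLOCK, &block, &saved) != 0)
        return -1;
    audit(user);                              /* record before any wait */
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
        ;                                     /* resume an interrupted sleep */
    return sigprocmask(SIG_SETMASK, &saved, NULL);
}

int main(void)
{
    int rc = handle_auth_failure("root", audit_syslog, 1000);
    printf("rc=%d, SIGINT blocked when audited: %d\n", rc, sigint_blocked_at_audit);
    return rc;
}
```

A break typed during the delay stays pending until the mask is restored, by which point the failure is already in syslog.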
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:09 PDT