Hello! while trying this new soft to replace the ``old'' xdm, I found out that if a wrong passwd is supplied, gdm will answer with a ``incorrect password'' message. So I tried to log in as an inexistent user ... the result was "user unknown". The vulnerabilty seems trivial to me. The version tested was gdm-2.0beta4. Best regards. Cervi~no Ulises <kermitat_private> <ulisesat_private> ............................................................................... "Contrary to popular opinion, Unix is user friendly, It just happens to be very selective about who it makes friends with."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:17:29 PDT