Re: gdm thing

From: Martin K. Petersen (mkpat_private)
Date: Mon Dec 06 1999 - 11:54:38 PST

Next message: krisp: "Re: new IE5 remote exploit"

Previous message: Pauli Ojanpera: "Local user can fool another to run executable. .CNT/.GID/.HLP"
Maybe in reply to: Kermit the Frog: "gdm thing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> "Kermit" == Kermit the Frog <kermitat_private> writes:

Kermit> Hello! while trying this new soft to replace the ``old'' xdm,
Kermit> I found out that if a wrong passwd is supplied, gdm will
Kermit> answer with a ``incorrect password'' message. So I tried to
Kermit> log in as an inexistent user ... the result was "user
Kermit> unknown". The vulnerabilty seems trivial to me.

Kermit> The version tested was gdm-2.0beta4.

You can disable this by setting VerboseAuth=0 in the [Security]
section in gdm.conf.

See the GDM manual for details.

--
Martin Kasper Petersen			BOFH, IC1&2, Aalborg University, DK
mailto:mkpat_private		http://SunSITE.auc.dk/~mkp/

Next message: krisp: "Re: new IE5 remote exploit"
Previous message: Pauli Ojanpera: "Local user can fool another to run executable. .CNT/.GID/.HLP"
Maybe in reply to: Kermit the Frog: "gdm thing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:17:43 PDT