>>>>> "Kermit" == Kermit the Frog <kermitat_private> writes: Kermit> Hello! while trying this new soft to replace the ``old'' xdm, Kermit> I found out that if a wrong passwd is supplied, gdm will Kermit> answer with a ``incorrect password'' message. So I tried to Kermit> log in as an inexistent user ... the result was "user Kermit> unknown". The vulnerabilty seems trivial to me. Kermit> The version tested was gdm-2.0beta4. You can disable this by setting VerboseAuth=0 in the [Security] section in gdm.conf. See the GDM manual for details. -- Martin Kasper Petersen BOFH, IC1&2, Aalborg University, DK mailto:mkpat_private http://SunSITE.auc.dk/~mkp/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:17:43 PDT