Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability

From: Michael Smith (codeyeti@private)
Date: Fri Sep 20 2002 - 09:33:24 PDT

Next message: George Heuston: "CRIME FW: [Cyber_threats] Daily News 09/20/02"

Previous message: Lyle Leavitt: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
In reply to: Jimmy S.: "CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Next in thread: Crispin Cowan: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Reply: Crispin Cowan: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is good:

Vendor response:
Theo and Markus told Andrew that this is not an issue. Theo says that
you cannot prevent root from determining a user's password. Andrew does
not disagree but asked why OpenBSD bothers to encrypt user passwords at
all if that is his attitude.

On Thu, 2002-09-19 at 22:46, Jimmy S. wrote:
> Check this out
> 
> http://www.securiteam.com/unixfocus/5VP0H2A8AK.html
> 
> Jimmy
-- 
Michael Smith codeyeti@private
(541)730-1932
Antenna searches
Retriever's nose in the wind
Ether's far secrets   --Neal Stephenson, Cryptonomicon

application/pgp-signature attachment: This is a digitally signed message part

Next message: George Heuston: "CRIME FW: [Cyber_threats] Daily News 09/20/02"
Previous message: Lyle Leavitt: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
In reply to: Jimmy S.: "CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Next in thread: Crispin Cowan: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Reply: Crispin Cowan: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 10:11:47 PDT