>>>>> "Kermit" == Kermit the Frog <[EMAIL PROTECTED]> writes:

Kermit> Hello! while trying this new soft to replace the ``old'' xdm,
Kermit> I found out that if a wrong passwd is supplied, gdm will
Kermit> answer with an ``incorrect password'' message. So I tried to
Kermit> log in as an inexistent user ... the result was "user
Kermit> unknown". The vulnerability seems trivial to me.

Kermit> The version tested was gdm-2.0beta4.

You can disable this by setting VerboseAuth=0 in the [Security]
section in gdm.conf.

See the GDM manual for details.

--
Martin Kasper Petersen                  BOFH, IC1&2, Aalborg University, DK
mailto:[EMAIL PROTECTED]               http://SunSITE.auc.dk/~mkp/
