On Wednesday, June 02, 2004 1:44 PM, Erik Wasser <[EMAIL PROTECTED]> wrote:
> I'm not very firm with debian so I'm would like to ask the ML before > I post something to the BTS. I know this is not the right place, but > the bug is soo trival that I'm afraid I'm missing maybe the real > point. [...] > "root2" doesn't exists on this computer so you can guess the user > accounts on "wolke" and you can use this information for a real > attack like password hacking or cracking... I tried other account > names as well with the same results: long wait with existing users > and no wait with non-existing users. The issue is already known, and appears to be caused by PAM rather than OpenSSH specifically. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747 http://lab.mediaservice.net/advisory/2003-01-openssh.txt for more information. Regards, Adam
