https://bugzilla.mindrot.org/show_bug.cgi?id=3934
Bug ID: 3934
Summary: check_pam_user() is an oracle for user names
Product: Portable OpenSSH
Version: 10.0p2
Hardware: Other
OS: Solaris
Status: NEW
Severity: security
Priority: P5
Component: PAM support
Assignee: [email protected]
Reporter: [email protected]
When an non-valid username is used, a pam configuration can fail
immediately on the second time to run pam() (as there are
multiple ways to authenticate a user)
The connection is dropped immediately with: PAM user mismatch
(ROOT != NOUSER)
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
