Specifically, the current status means that on stretch systems, any accounts relying on the default pam_unix nullok_secure to allow null- password accounts to log in from local terminals only are open to access by anyone who ssh's in and happens to get get pts/0 or pts/1.
- Bug#914957: login: removal of pts/* from /etc/securet... russm
- Bug#914957: additional russm
- Bug#914957: login: removal of pts/* from /etc/se... Salvatore Bonaccorso
- Bug#914957: [Pkg-shadow-devel] Bug#914957: l... Bálint Réczey
- Bug#914957: [Pkg-shadow-devel] Bug#91495... Michael Biebl