CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/09/28 20:32:15

Modified files:
    usr.bin/ssh : auth2-chall.c

Log message:
kbd-interactive device names should be matched against the
full device name, not a prefix. Doesn't matter in practice as
there is only one kbd-int device supported (PAM xor BSD auth),
and an attacker would still need to successfully authenticate
against an incorrectly-selected device.
reported by ashamedbit, NobleMathews; ok deraadt@
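
The difference between prefix and full-name matching described in the log message, shown as an added example. It is not OpenSSH's code and not part of this commit; the device table, the function names and the comma-separated request list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical device table for this example (not taken from the commit). */
static const char *const devices[] = { "pam", "bsdauth", NULL };

typedef int (*match_fn)(const char *req, size_t len, const char *name);

/* Prefix match: only the first len bytes of the request are compared,
 * so a request shorter than the device name still selects it. */
static int match_prefix(const char *req, size_t len, const char *name)
{
    return len > 0 && strncmp(req, name, len) == 0;
}

/* Full-name match: the lengths must agree before the bytes are compared. */
static int match_full(const char *req, size_t len, const char *name)
{
    return strlen(name) == len && memcmp(req, name, len) == 0;
}

/* Walk a comma-separated list of requested names; return the index of the
 * first table entry selected, or -1 when no requested name selects one. */
static int select_device(const char *list, match_fn match)
{
    int i;

    while (*list != '\0') {
        size_t len = strcspn(list, ",");   /* length of the current token */
        for (i = 0; devices[i] != NULL; i++)
            if (match(list, len, devices[i]))
                return i;
        list += len;
        if (*list == ',')
            list++;                        /* step over the separator */
    }
    return -1;
}

int main(void)
{
    /* Constructed sample requests. */
    const char *samples[] = { "pa", "pam", "b,pam", "pamx", NULL };
    int i;

    for (i = 0; samples[i] != NULL; i++)
        printf("%-6s prefix=%2d full=%2d\n", samples[i],
            select_device(samples[i], match_prefix),
            select_device(samples[i], match_full));
    return 0;
}
```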
