Hi, I read https://www.openwall.com/lists/oss-security/2019/12/04/5 and wondered how the authentication bypass was possible, since the manpage says: If this style of authentication does not support challenge response, but does support the response service (described below) it should issue reject silent and then exit with a 0 status.
So I checked and indeed: # /usr/libexec/auth/login_passwd -schallenge foo 3>&1 authorize The (untested) patch below makes login_passwd behave as described in the manpage. Kind regards, Thomas diff --git libexec/login_passwd/login.c libexec/login_passwd/login.c index 09e683a7366..486d8bfcb8a 100644 --- libexec/login_passwd/login.c +++ libexec/login_passwd/login.c @@ -137,7 +137,7 @@ main(int argc, char **argv) password = readpassphrase("Password:", pbuf, sizeof(pbuf), RPP_ECHO_OFF); break; case MODE_CHALLENGE: - fprintf(back, BI_AUTH "\n"); + fprintf(back, BI_SILENT "\n"); exit(0); break; default: