Bugtraq mailing list archives
Re: gdm thing
From: mkp () SUNSITE AUC DK (Martin K. Petersen)
Date: Mon, 6 Dec 1999 20:54:38 +0100
"Kermit" == Kermit the Frog <kermit () TOWER COM AR> writes:
Kermit> Hello! while trying this new soft to replace the ``old'' xdm, Kermit> I found out that if a wrong passwd is supplied, gdm will Kermit> answer with a ``incorrect password'' message. So I tried to Kermit> log in as an inexistent user ... the result was "user Kermit> unknown". The vulnerabilty seems trivial to me. Kermit> The version tested was gdm-2.0beta4. You can disable this by setting VerboseAuth=0 in the [Security] section in gdm.conf. See the GDM manual for details. -- Martin Kasper Petersen BOFH, IC1&2, Aalborg University, DK mailto:mkp () SunSITE auc dk http://SunSITE.auc.dk/~mkp/
Current thread:
- gdm thing Kermit the Frog (Dec 05)
- <Possible follow-ups>
- Re: gdm thing Martin K. Petersen (Dec 06)