[BusyBox 0001383]: login gives information on user existence
bugs at busybox.net
bugs at busybox.net
Thu Jun 7 11:57:56 UTC 2007
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=1383
======================================================================
Reported By: iggarpe
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1383
Category: Security
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 06-07-2007 04:57 PDT
Last Modified: 06-07-2007 04:57 PDT
======================================================================
Summary: login gives information on user existence
Description:
If a non existing user is entered at the login prompt, it will return an
error, istead of asking for the password as the standard login does. This
gives information to a potential attacker about the existence of given
user in the system.
No big deal but certainly a security leak easily fixable.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
06-07-07 04:57 iggarpe New Issue
06-07-07 04:57 iggarpe Status new => assigned
06-07-07 04:57 iggarpe Assigned To => BusyBox
======================================================================
More information about the busybox-cvs
mailing list