[12858] in bugtraq
gdm thing
daemon@ATHENA.MIT.EDU (Kermit the Frog)
Mon Dec 6 13:20:30 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.20.9912052128210.3574-100000@nerdland.dhis.org>
Date: Sun, 5 Dec 1999 23:44:18 -0300
Reply-To: Kermit the Frog <kermit@TOWER.COM.AR>
From: Kermit the Frog <kermit@TOWER.COM.AR>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990823094300.A5607@securityfocus.com>
Hello! while trying this new soft to replace the ``old'' xdm, I found out
that if a wrong passwd is supplied, gdm will answer with a ``incorrect
password'' message. So I tried to log in as an inexistent user ... the
result was "user unknown". The vulnerabilty seems trivial to me.
The version tested was gdm-2.0beta4.
Best regards.
Cervi~no Ulises
<kermit@tower.com.ar> <ulises@rosario.linux.org.ar>
...............................................................................
"Contrary to popular opinion, Unix is user friendly, It just happens to be
very selective about who it makes friends with."
