[19108] in bugtraq


Re: SSHD-1 Logging Vulnerability

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Feb 9 18:14:27 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <tgvgqjbwjo.fsf@mercury.rus.uni-stuttgart.de>
Date:         Fri, 9 Feb 2001 18:23:07 +0100
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
X-To:         jose nazario <jose@SPAM.THEGEEKEMPIRE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.21.0102051340220.30687-100000@spam.thegeekempire.net>

jose nazario <jose@SPAM.THEGEEKEMPIRE.NET> writes:

> -          debug("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
> +          log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
>                  user, client_user, get_canonical_hostname());
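Review bot: promoting this message from debug() to log_msg() writes the user-supplied `user` and `client_user` strings into the regular log on every failed Rhosts attempt, and either field can hold a password that was typed into the wrong prompt. Consider logging only the client host (get_canonical_hostname()) at this level, or redacting the two user fields unless they name an existing local account, and keeping the full message under debug().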

I don't think this patch is a good idea.  If a user accidentally
enters his password in place of his user name, the password will show
up in the log.  That's probably the reason why logging is available
only in the debug mode.  It should be sufficient to log the IP address
of the client trying to authenticate.

--
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
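As an added defensive example (not the patch quoted above and not sshd's own code): the same failure message built so that the user-name field is written to the log only when it names an existing local account, so a password typed into that field stays out of the permanent log while the client host is always recorded. The `account_exists_fn` hook and the demo account table are assumptions standing in for a getpwnam() lookup.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical account-lookup hook; a real sshd would use getpwnam().
 * Returns true when `user` names a local account. */
typedef bool (*account_exists_fn)(const char *user);

/* Build the Rhosts failure line.  The user-name field is written only when
 * it names an existing local account; otherwise it is redacted, since an
 * unknown "user name" may well be a mistyped password.  The client host is
 * always recorded.  Returns the snprintf() result, or -1 on bad arguments. */
int format_rhosts_failure(char *buf, size_t len,
                          const char *user, const char *client_user,
                          const char *host, account_exists_fn exists)
{
    if (!buf || len == 0 || !user || !client_user || !host || !exists)
        return -1;

    bool known = exists(user);
    const char *shown_user = known ? user : "<unknown user>";
    /* The remote user name is supplied by the client; it is only worth
     * recording once the local account it is paired with is real. */
    const char *shown_client = known ? client_user : "<redacted>";

    return snprintf(buf, len,
        "Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
        shown_user, shown_client, host);
}

/* Constructed account table standing in for the system password database. */
static bool demo_account_exists(const char *user)
{
    static const char *const accounts[] = { "alice", "bob", "root" };
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (strcmp(user, accounts[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    char line[512];
    /* Constructed input: a password typed into the user-name field. */
    format_rhosts_failure(line, sizeof line, "hunter2secret", "alice",
                          "client.example.net", demo_account_exists);
    puts(line);
    return 0;
}
```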
