[8198] in bugtraq
Possible login name leak on SunOS 5.6
daemon@ATHENA.MIT.EDU (Pete Krawczyk)
Tue Oct 13 16:46:13 1998
Date: Mon, 12 Oct 1998 15:43:27 -0500
Reply-To: Pete Krawczyk <petek@bsod.net>
From: Pete Krawczyk <petek@BSOD.NET>
To: BUGTRAQ@NETSPACE.ORG
It is possible for a user with time on his hands to obtain a few login
names on a SunOS 5.6 box with Desktop Login enabled.
At the gui login screen, the user is asked for a login name. When the
user inputs it, the login client checks the user's preferences for which
wm the user will use and displays the wm choice as a graphic to the right
of the password prompt. If the user has chosen a different wm from the
default (i.e. OpenWindows instead of CDE), this will be reflected by the
picture on the right. Thus, an attacker could keep trying usernames until
he finds one where the wm graphic is not the same as the default wm
graphic.
This has been tested and confirmed on stock SunOS 5.6.
-Pete K
--
Pete Krawczyk pkrawczy at uiuc dot edu -or- petek at mc dot net
http://www.uiuc.edu/ph/www/pkrawczy Finger for PGP public key
If you attempt to mail me at pkrawczy@mc.net, I will not get it.
