[5108] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Cygnus CNS telnet security hole?

daemon@ATHENA.MIT.EDU (eichin@MIT.EDU)
Mon May 8 04:22:25 1995

Date: Mon, 8 May 95 03:59:48 -0400
To: dm@das.harvard.edu (David Mazieres)
Cc: kerberos@MIT.EDU
In-Reply-To: "[5088] in Kerberos"
From: eichin@MIT.EDU


> telnet client and server.  Does anyone know if that telnet contains
> the big encrypted telnet security hole everyone was talking about

Indeed, we didn't add telnet to our release until after the bug had
been announced (oddly enough, due to differences in our DES library,
the result of the buggy telnet code would have been a telnet/telnetd
that *did* have valid encryption, but didn't interoperate with the
broken one.)
			_Mark_ <eichin@cygnus.com>
			Cygnus Support
			Cygnus Network Security <network-security@cygnus.com>


home help back first fref pref prev next nref lref last post