[3015] in Kerberos-V5-bugs
pending/673: bug in kadmin
daemon@ATHENA.MIT.EDU (root@orcrist.teklaine.com)
Wed Dec 2 18:58:06 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, root@orcrist.teklaine.com
Date: Wed, 2 Dec 1998 15:55:13 -0800
From: root@orcrist.teklaine.com
Reply-To: root@orcrist.teklaine.com
To: krb5-bugs@MIT.EDU
Cc: bspindlr@tekchek.com
>Number: 673
>Category: pending
>Synopsis: bug in kadmin
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 02 18:58:00 EST 1998
>Last-Modified:
>Originator:
>Organization:
>Release: krb5-1.0.5
>Environment:
>Description:
>How-To-Repeat:
>Fix:
Sorry, dunno.
>Audit-Trail:
>Unformatted:
Synopsis: kadmin shows password when it shouldn't
Severity: serious
>System: Linux orcrist 2.0.30 #5 Tue Jun 24 03:09:53 CDT 1997 i586 unknown
>Architecture: i586
>I have an entry in my kadm5.acl file as */admin@REALM
>I go into kadmin as root/admin@REALM, if the first thing I do when I get into
>kadmin is type ctrl c it says:
>kadmin: Unknown request "PASSWORD". Type "?" for a request list.
>Where PASSWORD is the password I typed to start kadmin as root/admin.
>I realize this is a small bug that doesn't seem exploitable, however
>it didn't seem like a wanted feature :)
>
>I have not tested this on platforms other than the one listed above, so it
>maybe only be a problem on linux. However just go into kadmin, and press
>ctrl c before you do anything else
>
