[397] in Zephyr_Bugs
Re: zwgc regetting tickets
daemon@ATHENA.MIT.EDU (John T Kohl)
Mon Jul 20 19:35:10 1992
Date: Mon, 20 Jul 92 16:33:39 -0700
From: John T Kohl <jtkohl@cs.berkeley.edu>
To: "Mark W. Eichin" <eichin@cygnus.com>
Cc: Derek Atkins <warlord@seuss.bellcore.com>, lwvanels@mit.edu,
In-Reply-To: [396]
> [0396] daemon@ATHENA.MIT.EDU (Mark W. Eichin) Zephyr_Bugs 07/20/92 15:46 (32 lines)
> Date: Mon, 20 Jul 92 18:45:38 EDT
> From: "Mark W. Eichin" <eichin@cygnus.com>
> Having xscreensaver get tickets is a security risk in two different
> ways:
> 1) Unless the local machine has a srvtab that xscreensaver can
> read, it is possible to spoof xscreensaver's tgt request (with a flood
> of packets with a known key.) This gets you access to the user's
> session
Under one possible reading of Derek's explanation, that's not quite
true: the user types the password *before* leaving the workstation. If
it does work that way, then threat #1 goes away (although there's a
denial of service lurking there)...but the TGT it gets might not be
useful once the user returns.
John
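
The srvtab condition in the quoted point 1, as an added example that is not part of the original thread: a toy model showing that a locker which accepts any reply decryptable under the typed password cannot tell who answered, while one that also validates a host ticket against the srvtab key can. HMAC stands in for Kerberos encryption, and `ToyKDC`, the function names, passwords and keys are all constructed for illustration.

```python
import hashlib
import hmac
import os

def string_to_key(password: str) -> bytes:
    # Stand-in for Kerberos string-to-key; not the real algorithm.
    return hashlib.sha256(password.encode()).digest()

def seal(key: bytes, payload: bytes) -> bytes:
    # Toy "encrypted under key": MAC + payload. It models only the property
    # that matters here: only a holder of `key` can produce a valid message.
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def unseal(key: bytes, blob: bytes):
    # Returns the payload if it was sealed under `key`, otherwise None.
    tag, payload = blob[:32], blob[32:]
    good = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, good) else None

class ToyKDC:
    """Answers using whatever keys it holds; the responder is not authenticated."""
    def __init__(self, user_key: bytes, host_key: bytes):
        self.user_key, self.host_key = user_key, host_key
    def tgt_reply(self, user: str) -> bytes:
        return seal(self.user_key, b"tgt-for:" + user.encode())
    def host_ticket(self, user: str) -> bytes:
        return seal(self.host_key, b"client:" + user.encode())

def unlock_naive(kdc, user: str, typed_password: str) -> bool:
    # No srvtab: any reply that opens under the typed password is accepted.
    return unseal(string_to_key(typed_password), kdc.tgt_reply(user)) is not None

def unlock_verified(kdc, user: str, typed_password: str, srvtab_key: bytes) -> bool:
    # With a srvtab: also require a ticket for this host that validates under
    # the host key, which only the real KDC and this machine hold.
    if not unlock_naive(kdc, user, typed_password):
        return False
    return unseal(srvtab_key, kdc.host_ticket(user)) == b"client:" + user.encode()

# Constructed sample values.
SRVTAB_KEY = os.urandom(32)
REAL_KDC = ToyKDC(string_to_key("users-real-password"), SRVTAB_KEY)
# A responder that knows neither the user's key nor the host key.
SPOOFED_KDC = ToyKDC(string_to_key("known"), string_to_key("guess"))

if __name__ == "__main__":
    print("naive, spoofed reply accepted:", unlock_naive(SPOOFED_KDC, "alice", "known"))
    print("verified, spoofed reply accepted:",
          unlock_verified(SPOOFED_KDC, "alice", "known", SRVTAB_KEY))
```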