thr3ads.net - openssh bugs - [Bug 975] Kerberos authentication timing can leak information about account validity [Feb 2006]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2006-Feb-13 11:37 UTC

[Bug 975] Kerberos authentication timing can leak information about account validity

http://bugzilla.mindrot.org/show_bug.cgi?id=975


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|                            |1155
              nThis|                            |






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2006-Feb-13 11:38 UTC

head link

[Bug 975] Kerberos authentication timing can leak information about account validity

http://bugzilla.mindrot.org/show_bug.cgi?id=975


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|1047                        |
              nThis|                            |






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2006-Feb-13 11:55 UTC

head link

[Bug 975] Kerberos authentication timing can leak information about account validity

http://bugzilla.mindrot.org/show_bug.cgi?id=975





------- Comment #5 from dtucker at zip.com.au  2006-02-13 22:55 -------
For the record, the main part of this bug was fixed and is in 4.3x.

The only remaining part is patch #1029 which I'm not in a position to judge
the
merit of.  Maybe we should close this bug?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at mindrot.org

2006-Feb-26 01:40 UTC

head link

[Bug 975] Kerberos authentication timing can leak information about account validity

http://bugzilla.mindrot.org/show_bug.cgi?id=975


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #6 from dtucker at zip.com.au  2006-02-26 12:40 -------
I asked Simon and David Leonard about patch #1029 and they're undecided on
it.

Since the main part of this bug is fixed I'm closing this bug.  If it
becomes
obvious what to do with the NOUSER thing then we can address it separately.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Possibly Parallel Threads

Search for more apparently analagous threads

openssh bugs - Feb 2006 - [Bug 975] Kerberos authentication timing can leak information about account validity

[Bug 975] Kerberos authentication timing can leak information about account validity

[Bug 975] Kerberos authentication timing can leak information about account validity

[Bug 975] Kerberos authentication timing can leak information about account validity

[Bug 975] Kerberos authentication timing can leak information about account validity

Possibly Parallel Threads