bugzilla-daemon at mindrot.org
2002-May-05 13:45 UTC
[Bug 235] New: While PermitEmptyPasswords no, user can connect, entering ANY other password
http://bugzilla.mindrot.org/show_bug.cgi?id=235
Summary: While PermitEmptyPasswords no, user can connect,
entering ANY other password
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: maxim at idknet.com
set "PermitEmptyPasswords no" in sshd_config
useradd test
vi shadow for setting EMPTY password
ssh test at localhost
after prompt "test at localhost's password:", enter any non empty
password.
Authorization succeeds and "remote" user gain access to system.
It also valid if user is root.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 235] While PermitEmptyPasswords no, user can connect, entering ANY other password
- [Bug 235] While PermitEmptyPasswords no, user can connect, entering ANY other password
- [Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
- OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
Wisdom of the Ancients
