bugzilla-daemon at mindrot.org
2003-Feb-17 21:00 UTC
[Bug 495] New: local port forwards start before authentication is complete (password auth)
http://bugzilla.mindrot.org/show_bug.cgi?id=495
Summary: local port forwards start before authentication is
complete (password auth)
Product: Portable OpenSSH
Version: 3.5p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: rhaig at hackboy.com
when doing a local port forward (ssh www.foo.com -L8080:localhost:80) the
forward becomes active before the authentication is complete.
repeat by running the above command to your server that is running ssh and a web
server, before entering the password (but after the password prompt appears),
open the local end of the port forward, and observe it's operability (if
it's a
web server, "GET /"). This is without any keys in place or the
password being
entered.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- [Bug 495] local port forwards start before authentication is complete (password auth)
- [Bug 457] New: SSHD doesn't start when using invalid port numbers
- Using -W with -L (Local Forwarding) and -D (Socks Forwarding)
- [Bug 1267] PermitOpen - Multiple forwards don't works
- [Bug 530] problems with port forwarding
Wisdom of the Ancients
