search for: anymore_password

Hi, I've recently discovered a rather nasty bug. My login password is visible when I use the following command: arioch at server ~ $ ssh arioch at 192.168.0.1 sudo tail -f /var/log/messages; exit Password: ********** (user - masked) Password: my_not-so-secret-anymore_password (root - not masked) -tail output- This has been tested with openssh on OpenBSD, FreeBSD and Gentoo/Linux, all with up-to-date versions of both OpenSSH and Sudo and the output is equally the same. Hoping to be of any service, Tom D.V. -- tom at penumbra.be arioch at penumbra.be