Displaying 3 results from an estimated 3 matches for "authtok_prompt".
2013 Oct 23
2
OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Hello,
I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources.
The big embarrassment was in pam_get_authtok.c. The problem is that even without a
valid SSH login it's possible to know the server's hostname.
az at az:/home/az % ssh 1.2.3.4
Password for az at real.hostname.com:
Changes made by "des":
2018 Feb 12
3
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...t_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering:
'use_first_pass'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering:
'authtok_prompt'
Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
Feb 11 09:20:40 mail auth: in openpam_subst(): entering: 'Password:'
Feb 11 09:20:40 mail auth: in openpam_subst(): returning PAM_SUCCESS
Feb 11 09:20:40 mail auth: in openpam_get_option(): entering: 'echo_pass'...
2018 Feb 12
0
FreeBSD Core dump: PAM authentication with Kerberos credentials (GSSAPI_MIT)
...40 mail auth: in openpam_get_option(): returning NULL
> Feb 11 09:20:40 mail auth: in openpam_get_option(): entering:
> 'use_first_pass'
> Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
> Feb 11 09:20:40 mail auth: in openpam_get_option(): entering:
> 'authtok_prompt'
> Feb 11 09:20:40 mail auth: in openpam_get_option(): returning NULL
> Feb 11 09:20:40 mail auth: in openpam_subst(): entering: 'Password:'
> Feb 11 09:20:40 mail auth: in openpam_subst(): returning PAM_SUCCESS
> Feb 11 09:20:40 mail auth: in openpam_get_option(): entering:...