Displaying 20 results from an estimated 20000 matches similar to: "[Bug 235] New: While PermitEmptyPasswords no, user can connect, entering ANY other password"
2002 May 05
2
[Bug 235] While PermitEmptyPasswords no, user can connect, entering ANY other password
http://bugzilla.mindrot.org/show_bug.cgi?id=235
------- Additional Comments From mouring at eviladmin.org 2002-05-06 06:09 -------
Created an attachment (id=92)
Try the following patch to auth-passwd.c
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Jul 18
0
[Bug 235] While PermitEmptyPasswords no, user can connect, entering ANY other password
http://bugzilla.mindrot.org/show_bug.cgi?id=235
stevesk at pobox.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From stevesk at pobox.com 2002-07-18 15:17
2015 Sep 28
4
[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2475
Bug ID: 2475
Summary: Login failure when PasswordAuthentication,
ChallengeResponseAuthentication, and
PermitEmptyPasswords are all enabled
Product: Portable OpenSSH
Version: 7.1p1
Hardware: ix86
OS: Linux
Status: NEW
2003 Jul 10
1
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes (followup)
Greetings,
Problem : Openssh3.6.1p2 on UnixWare 7.1.1 allows access to passwordless
account without a valid key when sshd_config has PasswordAuthentication no
+ PermitEmptyPasswords yes
Attempts:
Installed maintence pack3 and recompiled both OpenSSH and OpenSSL (0.9.7b)
with native c compiler.
Recompiled both OpenSSH and OpenSSL (0.9.7b) with gcc (2.95.2).
Still the same problem.
Looking at
2003 Jul 10
1
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthentication no + PermitEmptyPasswords yes
Greetings,
I recently discovered a problem with OpenSSH 3.6.1p2 and UnixWare 7.1.1
(as well as OpenServer 5.0.X and SCO 3.2v4.2)
When I set up sshd_config as follows:
PasswordAuthentication no
PermitEmptyPasswords yes
and try to connect to a password less account ( I know its a F*up, but
that's the application ID10Ts .... ) I can get in using the SSH2 version
without a valid key, the
2002 Jun 25
0
[Bug 289] New: mmap error when trying to use 3.3p1 with privsep
http://bugzilla.mindrot.org/show_bug.cgi?id=289
Summary: mmap error when trying to use 3.3p1 with privsep
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2003 Jul 11
0
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthenticatio n no + PermitEmptyPasswords yes (followup)
Greetings,
complete debug below
> -----Original Message-----
> From: Ben Lindstrom [mailto:mouring at etoh.eviladmin.org]
> Sent: 10 July 2003 03:32
> To: Vikash Badal - PCS
> Cc: 'openssh-unix-dev at mindrot.org'
> Subject: Re: OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 +
> PasswordAuthentication no + PermitEmptyPasswords yes (followup)
>
>
>
> Would be
2002 Mar 12
0
[Bug 159] New: Password-Authentication with openssh-3.1p1 fails
http://bugzilla.mindrot.org/show_bug.cgi?id=159
Summary: Password-Authentication with openssh-3.1p1 fails
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2003 Jun 30
8
[Bug 609] empty password accounts can login with random password
http://bugzilla.mindrot.org/show_bug.cgi?id=609
Summary: empty password accounts can login with random password
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2003 Jun 30
8
[Bug 609] empty password accounts can login with random password
http://bugzilla.mindrot.org/show_bug.cgi?id=609
Summary: empty password accounts can login with random password
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2003 Jul 17
1
possible bug + patch : OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + P asswordAuthentication no + PermitEmptyPasswords yes
Greetings,
When PasswordAuthentication no + PermitEmptyPasswords yes
SSH2 allows access to a passwordless account without a valid key.
This is my patch:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wormhole# diff -u auth2-none.c.old auth2-none.c
--- auth2-none.c.old Thu Jul 17 06:23:24 2003
+++ auth2-none.c Thu Jul 17 06:44:42 2003
@@ -100,7 +100,9 @@
if (check_nt_auth(1,
2003 Nov 06
5
[Bug 755] PermitEmptyPasswords ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=755
Summary: PermitEmptyPasswords ignored
Product: Portable OpenSSH
Version: -current
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2002 Jul 08
0
[Bug 342] New: RhostsRSAAuthentication does not work with 3.4p1
http://bugzilla.mindrot.org/show_bug.cgi?id=342
Summary: RhostsRSAAuthentication does not work with 3.4p1
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
2003 Sep 24
0
Bug #652 and PermitEmptyPasswords
If I have
PasswordAuthentication yes
PermitEmptyPasswords no
I'm not able to log in using authorized key authentication if my password is blank. This changed when upgrading from portable 3.7.1p1 to 3.7.1p2. My thoughts were PermitEmptyPasswords would only be used if authenticating with a password.
./configure --with-pam --prefix=/usr --sysconfdir=/etc/ssh
2003 Jul 10
0
OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 + PasswordAuthenticatio n no + PermitEmptyPasswords yes
Greetings,
> -----Original Message-----
> From: Vikash Badal - PCS
> Sent: 10 July 2003 07:36
> To: 'Tim Rice'
> Subject: RE: OpenSSH 3.6.1p2 +UnixWare 7.1.1 +SSH2 +
> PasswordAuthentication no + PermitEmptyPasswords yes
>
>
> Greetings,
>
> Using gcc (2.95.2) + maintenance pack 2
>
> Will try maintenance pack 3 and recompile
>
> Thanks.
2003 Sep 17
4
[Bug 652] PermitEmptyPasswords option silently ignored
http://bugzilla.mindrot.org/show_bug.cgi?id=652
Summary: PermitEmptyPasswords option silently ignored
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2001 Jun 19
0
Empty password patch
For every (successful) ssh-connection we got an additional annoying entry
in /var/log/messages like the following:
Jun 19 09:06:57 LIN3135 pam_afs[5913]: AFS Won't use illegal password for
user usenbinz
The OpenAFS PAM module posts this message when it is called for
authentication with an (disallowed) empty password. The simple patch below
checks PermitEmptyPasswords in sshd_config before
2003 May 07
1
3.6.1p2, Spurious PAM failure messages WITH "PermitEmptyPasswords no", and a (micro) fix
Hi,
after installing 3.6.1p2 I noticed spurious PAM login failures
even with PermitEmptyPasswords set to "no":
sshd(pam_unix)[1740]: authentication failure; logname=XXX uid=0 euid=0
tty=NODEVssh ruser= rhost=localhost user=XXX
After looking at the code I noticed the following in the portability p2
patch:
+++ openssh-3.6.1p2/auth-passwd.c 2003-04-29 19:12:08.000000000 +1000
2004 May 17
2
password aging question
Vesion 3.8.1 of OpenSSH has been compiled on a Solaris 8 host. I am having
difficulties in enabling password aging to work from reading
/etc/default/passwd and /etc/shadow.
# passwd -f < user-id > works satisfactorily however once a password ages
through due course from the settings in /etc/default/passwd and /etc/shadow
the users are not prompted to change passwords and the user is logged
2003 Nov 13
1
SSHD password authentication issue in 4.9-RELEASE and 5.1-RELEASE
Wonder if you guys could help me out...have a security problem with sshd
wich enables a user to do a password login tough the sshd_config states
PasswordAuthentication no
My config works fine in both gentoo and openbsd 3.3 but users are able to
login with tunneled clear text passwords in both 4.9 and 5.1
Im lost.tried everything I can think of.
Here is the config: