Bugtraq: Re: SSHD-1 Logging Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SSHD-1 Logging Vulnerability

From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Mon, 12 Feb 2001 16:03:24 +0100

Markus Friedl <markus.friedl () informatik uni-erlangen de> writes:

[Logging user names harmful or not?]

While I understand you concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the usename when you
start the client, so it's hard to get out of sync, e.g. I
have never seen a user enter
      $ ssh -l mypasswd host


Yes, this is certainly correct for the traditional command line
clients.

This even applies to Windows SSH vs. telnet clients.


IIRC, Teraterm has a combined dialog box for entering password and
user name, and I think you can confuse one with the other.

--
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

By Date By Thread

Current thread:

Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 10)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Grecni, Steve (Feb 12)
- <Possible follow-ups>
- Re: SSHD-1 Logging Vulnerability Ben Greenbaum (Feb 12)