Bugtraq: Re: SSHD-1 Logging Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SSHD-1 Logging Vulnerability

From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Mon, 12 Feb 2001 10:55:54 -0700

While I understand you concern, I am not sure whether this
applies to SSH clients, since they are usually very
different from telnet clients. You enter the usename when you
start the client, so it's hard to get out of sync, e.g. I
have never seen a user enter
      $ ssh -l mypasswd host
This even applies to Windows SSH vs. telnet clients.


Not always. I can think of one Windows SSH client off the top of my head
that will prompt for the username and password seperately - SecureCRT. I'm
sure there are others as well that I'm just not thinking of right now...

Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

By Date By Thread

Current thread:

Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 10)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 12)
  - Re: SSHD-1 Logging Vulnerability Grecni, Steve (Feb 12)
- <Possible follow-ups>
- Re: SSHD-1 Logging Vulnerability Ben Greenbaum (Feb 12)