mailing list archives
Re: OpenSSH/PAM timing attack allows remote users identification
From: Michael Shigorin <mike () osdn org ua>
Date: Fri, 2 May 2003 16:15:59 +0300
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
NOTE. FreeBSD uses both a different PAM implementation and a
different PAM support in OpenSSH: it doesn't seem to be
vulnerable to this particular timing leak issue.
Are you talking of CURRENT branch? 4.x use linux-PAM as well.
---- WBR, Michael Shigorin <mike () altlinux ru>
------ Linux.Kiev http://www.linux.kiev.ua/