 
Bugtraq mailing list archives
Re: SSHD-1 Logging Vulnerability
From: Florian Weimer <Florian.Weimer () RUS UNI-STUTTGART DE>
Date: Fri, 9 Feb 2001 18:23:07 +0100
jose nazario <jose () SPAM THEGEEKEMPIRE NET> writes:
-          debug("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
+          log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host '%.200s'.",
                 user, client_user, get_canonical_hostname());
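Review bot: moving this message from debug() to log_msg() puts the client-supplied `user` and `client_user` strings into the regular log on every failed Rhosts attempt. Both values are unauthenticated input at this point, so whatever the client sent in those fields is persisted verbatim (truncated only by the `%.100s` limits). Suggest keeping the two names at debug level and passing only `get_canonical_hostname()` or the client address to log_msg(), so the failure is still recorded without storing user-typed strings.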
I don't think this patch is a good idea. If a user accidentally enters his password in place of his user name, the password will show up in the log. That's probably the reason why logging is available only in the debug mode. It should be sufficient to log the IP address of the client trying to authenticate.

--
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


