Full Disclosure mailing list archives

Re: screen 4.0.3 local Authentication Bypass

From: Alexander Klink <a.klink () cynops de>
Date: Mon, 4 Jun 2007 10:14:58 +0200

Hi,

On Mon, Jun 04, 2007 at 05:36:31AM +0200, rembrandt () jpberlin de wrote:

It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.

How to reproduce:

Lock screen using ctrl+x

I guess you mean Ctrl+a+x?

Choose a Password
Confirm the Password

Screen asks for a Password to unlock the screen.
Just press ctrl+c and it displays "Getpass error".
2 seconds later the screen is unlocked and you`ve access.

I can't reproduce this on either Mac OS X (screen 4.00.03) or
Debian (screen 4.00.02) ...

Regards,
    Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

screen 4.0.3 local Authentication Bypass rembrandt (Jun 03)
- Full Path Disclosure eqDKP 1.3.2c and prior kefka (Jun 03)
- Re: screen 4.0.3 local Authentication Bypass Alexander Klink (Jun 04)
  - Re: screen 4.0.3 local Authentication Bypass Christian "Khark" Lauf (Jun 04)
    - Re: screen 4.0.3 local Authentication Bypass Schanulleke (Jun 04)
    - Re: screen 4.0.3 local Authentication Bypass Lolek of TK53 (Jun 05)
- Re: screen 4.0.3 local Authentication Bypass Lolek of TK53 (Jun 04)
  - Re: screen 4.0.3 local Authentication Bypass Pranay Kanwar (Jun 04)
    - Re: screen 4.0.3 local Authentication Bypass Sûnnet Beskerming (Jun 04)
    - Re: screen 4.0.3 local Authentication Bypass Paul Melson (Jun 05)
- Re: screen 4.0.3 local Authentication Bypass Sûnnet Beskerming (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Open Phugu (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Oliver Starke (Jun 05)

(Thread continues...)