Package: login Version: 1:4.1.3.1-1 Severity: normal
If you enter an invalid login, you get "login incorrect" immediately. Expected behavior is that password should be asked regardless of login correctness. This is to mitigate user enumeration attacks. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30-rc7-3218911f-30may2009 (SMP w/2 CPU cores) Locale: LANG=ru_UA.UTF-8, LC_CTYPE=ru_UA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages login depends on: ii libc6 2.9-12 GNU C Library: Shared libraries ii libpam-modules 1.0.1-9 Pluggable Authentication Modules f ii libpam-runtime 1.0.1-9 Runtime support for the PAM librar ii libpam0g 1.0.1-9 Pluggable Authentication Modules l login recommends no packages. login suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
