On Sat, Apr 06, 2002 at 05:47:14PM +0200, Vincent wrote: > Hi, > > I found something quite strange while fiddling with openssh on my > firewall... > > If I try to login using a valid username and a bogus password, I get a > slight delay before getting another 'password:' prompt. However, If I use a > bogus username _and_ a bogus password, the prompt appears immediately. > > I tested this on an up-to-date woody system and a sid one, and both exhibit > the same behavior. I cannot believe it is intended, as it could be easily > used to guess valid usernames remotely with some kind of brute force > scanner. i noticed the same things if the user/pass are on a NIS server esported to the machine i'm logging
cya Samuele -- Samuele Giovanni Tonon <[EMAIL PROTECTED]> http://www.linuxasylum.net/~samu/ Acid -- better living through chemistry. Timothy Leary -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
