|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
2008/7/8, Ben Ford <ben@xxxxxxxxxxxxxx>: > No. He's saying that it leaks information that doesn't need to be leaked. > > For comparison, long long ago, there used to be different error messages > when authentication failed. It would helpfully tell you that your password > was wrong, or that you'd supplied the wrong username. Great for debugging, > right? Well yeah ... and it was great for enumerating the users on the box, > making further attacks much simpler. How about leaving what ssh server sends to the client as it is but making it at least log in syslog that the key was not found? VL
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Fedora Bible] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
|
|