| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jun 2007 11:05:43 +0200 From: "Lolek of TK53" <lolek1337@...glemail.com> To: "Christian Khark Lauf" <full-disclosure@...rkerlake.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: screen 4.0.3 local Authentication Bypass Hi, On 6/4/07, Christian Khark Lauf <full-disclosure@...rkerlake.net> wrote: > >> Screen asks for a Password to unlock the screen. > >> Just press ctrl+c and it displays "Getpass error". > >> 2 seconds later the screen is unlocked and you`ve access. > > I can't reproduce this on either Mac OS X (screen 4.00.03) or > > Debian (screen 4.00.02) ... > > So goes here. Debian Etch, Screen version 4.00.03 (FAU) 23-Oct-06. > But maybe it's because I have a password directive in my .screenrc > (You need to enter a password if you want to resume the session via > screen -r <name>) Before every list member tests this and writes a mail because of a configuration issue or a stupid patch introduces by OpenBSD, show us some code that proves the claim. Cheers Lolek _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists