From nobody Thu Feb 11 13:35:32 1999 Received: (from nobody@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA21119; Thu, 11 Feb 1999 13:35:32 -0800 (PST) (envelope-from nobody) Message-Id: <199902112135.NAA21119@hub.freebsd.org> Date: Thu, 11 Feb 1999 13:35:32 -0800 (PST) From: kaiserppo@erols.com To: freebsd-gnats-submit@freebsd.org Subject: Security Hole -- Easy way to get users passwords X-Send-Pr-Version: www-1.0 >Number: 10037 >Category: i386 >Synopsis: Security Hole -- Easy way to get users passwords >Confidential: no >Severity: non-critical >Priority: high >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 11 13:40:01 PST 1999 >Closed-Date: Sat Mar 20 13:56:02 PST 1999 >Last-Modified: Sat Mar 20 13:57:12 PST 1999 >Originator: Ben Howard >Release: 2.2.6 i386 >Organization: >Environment: FreeBSD rasputin.net 2.2.6 RELEASE FreeBSD 2.2.6-RELEASE #5 Wed Feb 3,19:15:05 GMT 1999 toor@rasputin.net:/usr/src/sys/compile/RASPUTIN i386 >Description: Simple- a superuser can run cat on the /dev/ttyvX (X being the virtual terminal number), when a user enters in there password, the superuser can see the password. >How-To-Repeat: Log on as a superuser type: cat /dev/ttyvX then flop over to that terminal log on go back to the terminal where you logged on as superuser notice the lovely password that you know have. >Fix: No know fix. But it is illegal for buisnesses, schools, etc. to archive password of their users. This also works for network logons. >Release-Note: >Audit-Trail: From: Bill Fumerola To: kaiserppo@erols.com Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: i386/10037: Security Hole -- Easy way to get users passwords Date: Thu, 11 Feb 1999 17:20:40 -0500 (EST) On Thu, 11 Feb 1999 kaiserppo@erols.com wrote: > >Description: > Simple- a superuser can run cat on the /dev/ttyvX (X being the virtual > terminal number), when a user enters in there password, the superuser > can see the password. This is not a bug. The password has to be read somehow. > >Fix: > No know fix. But it is illegal for buisnesses, schools, etc. to archive > password of their users. This also works for network logons. Since when? - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - State-Changed-From-To: open->closed State-Changed-By: billf State-Changed-When: Sat Mar 20 13:56:02 PST 1999 State-Changed-Why: The ability for root to read/write terminals cannot be changed. If a system administrator wants to compromise his own system's passwords there are a million ways to do it, but all require root, resulting in a catch 22. >Unformatted: