Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: visible passwd bug in kdm ?

visible passwd bug in kdm ?

Sascha Runschke (deckerMATRIX.PING.DE)
Wed, 10 Dec 1997 22:48:49 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Re: Yahoo hacked"
Previous message: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: J. Sean Connell: "Re: visible passwd bug in kdm ?"

-----BEGIN PGP SIGNED MESSAGE-----


Hi,

it seems that there is a bug in the login procedure of the kdm environment.
If you type your passwd when prompted for it and afterwards try to mark the
invisible passwd with the mouse, it suddenly becomes visible.

I don't think it's that dangerous, but there might be a situation where you
cannot end your login-sequence and someone else is able to access your
station.

I did not check the code yet, because I do not use kdm. But maybe
I'll have a look later.

This bug was reported by asibm.net in de.comp.os.linux.x
Message-ID: <x47m9dwee7.fsflehre2000.iwi.uni-sb.de>

regards
        sascha

- --
Sascha Runschke                           eMail : deckermatrix.ping.de
Tel: +49-(0)177-2767693                           IRCNet,EFNet : Decker
        ## Linux 2.0 - The choice of the new generation ##
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3in
Charset: latin1

iQCVAwUBNI8OOw5fVlcX77C1AQFdGAQA1Jq1Cajigge0LxBHFq7tXrtuNWtcArT2
ZrEXCThi9hhHOvqnRMNoqpxdrEBoHUB7x79u3qjPVBfMqz/Lday5mrjppitxyb9B
tAdlyU7IKA4eFaUovAuD5IMOpGycDfmg8YUGa61TW2jcMKFshz7K5MAQCJpqASHM
1MIPfeeVnAM=
=Qr4x
-----END PGP SIGNATURE-----

Next message: Aleph One: "Re: Yahoo hacked"
Previous message: Aleph One: "CERT Advisory CA-97.27 - FTP_bounce"
Next in thread: J. Sean Connell: "Re: visible passwd bug in kdm ?"