Bugtraq mailing list archives
Re: SSHD-1 Logging Vulnerability
From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Mon, 12 Feb 2001 10:55:54 -0700
While I understand you concern, I am not sure whether this applies to SSH clients, since they are usually very different from telnet clients. You enter the usename when you start the client, so it's hard to get out of sync, e.g. I have never seen a user enter $ ssh -l mypasswd host This even applies to Windows SSH vs. telnet clients.
Not always. I can think of one Windows SSH client off the top of my head that will prompt for the username and password seperately - SecureCRT. I'm sure there are others as well that I'm just not thinking of right now... Ben Greenbaum Director of Site Content SecurityFocus http://www.securityfocus.com
Current thread:
- Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 10)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)
- Re: SSHD-1 Logging Vulnerability Florian Weimer (Feb 12)
- Re: SSHD-1 Logging Vulnerability Grecni, Steve (Feb 12)
- <Possible follow-ups>
- Re: SSHD-1 Logging Vulnerability Ben Greenbaum (Feb 12)
- Re: SSHD-1 Logging Vulnerability Markus Friedl (Feb 12)