Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Possible login name leak on SunOS 5.6

From: petek () bsod net (Pete Krawczyk)
Date: Mon, 12 Oct 1998 15:43:27 -0500

It is possible for a user with time on his hands to obtain a few login
names on a SunOS 5.6 box with Desktop Login enabled.

At the gui login screen, the user is asked for a login name.  When the
user inputs it, the login client checks the user's preferences for which
wm the user will use and displays the wm choice as a graphic to the right
of the password prompt.  If the user has chosen a different wm from the
default (i.e. OpenWindows instead of CDE), this will be reflected by the
picture on the right.  Thus, an attacker could keep trying usernames until
he finds one where the wm graphic is not the same as the default wm
graphic.

This has been tested and confirmed on stock SunOS 5.6.

-Pete K
--
Pete Krawczyk  pkrawczy at uiuc dot edu -or- petek at mc dot net
 http://www.uiuc.edu/ph/www/pkrawczy  Finger for PGP public key
If you attempt to mail me at pkrawczy () mc net, I will not get it.
Previous By Date Next
Previous By Thread Next

Current thread: