Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps A-M :: gdm.htm

Gdm different error messages for no-such-user and bad-password may reveal login info



    Those running gdm


    Cervino Ulises found following. While trying this new software  to
    replace the ``old'' xdm,  he found out that  if a wrong passwd  is
    supplied, gdm will answer  with a ``incorrect password''  message.
    So he tried  to log in  as an inexistent  user ... the  result was
    "user  unknown".   Evan  this  vulnerabilty  seems trivial it will
    reveal  to  potenntial  hacker  info  about logins on your system.
    The version tested was gdm-2.0beta4.


    You can disable  this by setting  VerboseAuth=0 in the  [Security]
    section in gdm.conf.  See the GDM manual for details.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH