Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps A-M :: gdm.htm

Gdm different error messages for no-such-user and bad-password may reveal login info



Vulnerability

    gdm

Affected

    Those running gdm

Description

    Cervino Ulises found following. While trying this new software  to
    replace the ``old'' xdm,  he found out that  if a wrong passwd  is
    supplied, gdm will answer  with a ``incorrect password''  message.
    So he tried  to log in  as an inexistent  user ... the  result was
    "user  unknown".   Evan  this  vulnerabilty  seems trivial it will
    reveal  to  potenntial  hacker  info  about logins on your system.
    The version tested was gdm-2.0beta4.

Solution

    You can disable  this by setting  VerboseAuth=0 in the  [Security]
    section in gdm.conf.  See the GDM manual for details.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH