|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Friday, 3 December 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Printable]|
Slackware 7.0 login bug?
There has been discussion of a login bug on BugTraq, in Slackware 7.0 that grants the potential for brute force attacks. The bug involves the way that authorisation code is called when a uid is locked or does not exist. As far as I can tell, this is useful in discovering usernames, but I may well be wrong.