Package: libpam-modules
Version: 0.99.7.1-7
Severity: grave
Tags: security
Justification: user security hole


At the console login prompt, when entering a non-existent login, you get
a "Login incorrect" message WITHOUT being asked for any password.

This is a serious security hole, because pam is revealing information
about the accounts that exist in the system.

Version 1.0.1 of the pam packages seems to have the same problem.

Regards,
Roberto Lumbreras

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-modules depends on:
ii  libc6                         2.7-10     GNU C Library: Shared libraries
ii  libdb4.6                      4.6.21-8   Berkeley v4.6 Database Libraries [
ii  libpam0g                      0.99.7.1-7 Pluggable Authentication Modules l
ii  libselinux1                   2.0.59-1   SELinux shared libraries

libpam-modules recommends no packages.

libpam-modules suggests no packages.

-- no debconf information


