[Bug 34171] ftpd(8) indiscrete about unprivileged user accounts
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Mar 5 19:24:35 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=34171
David Schlachter <fbsd-bugzilla at schlachter.ca> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fbsd-bugzilla at schlachter.ca
--- Comment #6 from David Schlachter <fbsd-bugzilla at schlachter.ca> ---
Created attachment 223012
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=223012&action=edit
libexec/ftpd: don't leak names of unprivileged accounts
This patch will apply the same logic for 1) a valid user with an invalid shell
as for 2) a non-existent user. A user with an invalid shell will be prompted
for a password (which will not be accepted), before being presented with a "530
Login incorrect" error. ftpd will also apply the delay time between logins, as
for other failed logins. The effect is that the two cases will not be
distinguishable to clients.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list