OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)

Patrick Proniewski patpro at
Sun Oct 27 22:09:39 UTC 2013

On 27 oct. 2013, at 22:50, Andrei wrote:

> On Sun, 27 Oct 2013 22:33:56 +0100
> Dag-Erling Smørgrav <des at> wrote:
>> Andrei <az at> writes:
>>> In /etc/pam.d/sshd from:
>>> auth            required             no_warn
>>> try_first_pass to:
>>> auth required no_warn try_first_pass authtok_prompt
>>> Right?
>> auth required no_warn try_first_pass
>> authtok_prompt="Password:"
>> BTW, I recently noticed that try_first_pass doesn't work as documented
>> (and hasn't for ten years), but I haven't had time to fix it yet.
> You might be surprised, but authtok_prompt="Password:" have same results as
> just authtok_prompt. Empty screen and no "Password:" prompt.
> FreeBSD 9.2 tested.

Same here (9.2-RELEASE amd64), whatever I put for authtok_prompt.
The end of a verbose attempt reads: 

debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1

and then, nothing.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4106 bytes
Desc: not available
URL: <>

More information about the freebsd-security mailing list