Re: Login anomaly or security issue?

Jason Marshall (marshalj@spots.ab.ca)
Fri, 25 Jul 1997 10:18:37 -0600 (MDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Davies: "Dead OR-M/NOT !!"
Previous message: Alex: "56K Upgrade"
In reply to: Gordon Soukoreff: "Sorry ! ARrgh Re: Was.. Re: Chan. T1"
Next in thread: portmaster@ednet.co.uk: "Re: Login anomaly or security issue?"

> A user, lets call him 'joe' accidentally logged in yesterday with his
> username, a space and his lastname, 'joe last'. He authenticated
> just fine, and a show session listed him as 'joe last', as did the detail
> file. We are using radius, system authentication to a linux box.
> Haven't checked yet to see if I can log into linux as 'joe testguy'
> (but I seriously doubt it). I don't know if this is a security
> issue, but at the very least, it makes examining the detail file a
> little more difficult.

This was brought up about 2.5 years ago... We modified out 1.16 source to
truncate anything after and including a space in the username field before
doing anything with it. Nothing broke for us, but I offer no guarantees.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Jason Marshall, marshalj@spots.ab.ca. Spots InterConnect, Inc. Calgary, AB |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Next message: David Davies: "Dead OR-M/NOT !!"
Previous message: Alex: "56K Upgrade"
In reply to: Gordon Soukoreff: "Sorry ! ARrgh Re: Was.. Re: Chan. T1"
Next in thread: portmaster@ednet.co.uk: "Re: Login anomaly or security issue?"