Users login

Create an account »


Users login

Home » Hacking News » OpenSSH Visible Password Vulnerability

OpenSSH Visible Password Vulnerability

by Nikola Strahija on November 20th, 2002 It has been discovered that the OpenSSH daemon fails to disable terminal echoing when a user is required to renew an expired password. As a result, the cleartext password may be disclosed to an adversary in close physical proximity to the victim (or one who can otherwise observe terminal output).

It is not yet known which versions of OpenSSH are vulnerable to this issue, although it has been confrimed that SuSE 7.0 through 7.3 are affected.

Remote: No

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »