Bug 186833

Summary: Root logon possible security issue
Product: [Fedora] Fedora
Reporter: Brad Horrocks <bradhorrocks>
Component: openssh
Assignee: Tomas Mraz <tmraz>
Status: CLOSED NOTABUG
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 4
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-03-27 08:00:39 EST

Description Brad Horrocks 2006-03-26 19:13:17 EST
Description of problem:
I'm reporting this because I think it severe enough to be registered as a
possible significant problem.

I'm running the latest FC4 as at 00:01 UTC 27th March 2006

My logon process is via PuTTY.
Direct root logon is forbidden via
"PermitRootLogin no" in the sshd_config file.
I normally log on as a user and then su to root.

This particular time I commenced to log on with my (non-root) userid and then in
error entered the root password and pushed enter.

I was then logged on as root !!!!!

I have tried several times to replicate the problem with no success and would
normally put it down to one of those things. However the possible security issue
needs to be at least registered as a possible problem.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 1 Tomas Mraz 2006-03-27 08:00:39 EST
I don't think that this is a real bug as you cannot reproduce it anymore. Even
if it was, it would be impossible to find it without a reproducer. If you
can find the reproducer, please reopen.