This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 186833 - Root logon possible security issue
Root logon possible security issue
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-26 19:13 EST by Brad Horrocks
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-27 08:00:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Brad Horrocks 2006-03-26 19:13:17 EST
Description of problem:
I'm reporting this because I think it severe enough to be registered as a
possible significant problem.

I'm running the latest FC4 as at 00:01 UTC 27th March 2006

My logon process is via putty.
Direct Root logon is forbidden via 
"PermitRootLogin no" in the sshd_config file.
I normally logon as a user and then su to root

This particular time I commenced to logon with my (non-root) userid and then in
error entered the root password and pushed enter.

I was then logged on as root !!!!!

I have tried several times to replicate the problem with no success and would
normally put it down to one of those things. However the possible security issue
needs to be at least registered as a possible problem.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tomas Mraz 2006-03-27 08:00:39 EST
I don't think that this is a real bug as you cannot reproduce it anymore. Even
if it was, it would be even impossible to find it without a reproducer. If you
can find the reproducer please reopen.

Note You need to log in before you can comment on or make changes to this bug.