Red Hat Bugzilla – Bug 186833
Root logon possible security issue
Last modified: 2007-11-30 17:11:28 EST
Description of problem:
I'm reporting this because I think it severe enough to be registered as a
possible significant problem.
I'm running the latest FC4 as at 00:01 UTC 27th March 2006
My logon process is via putty.
Direct Root logon is forbidden via
"PermitRootLogin no" in the sshd_config file.
I normally logon as a user and then su to root
This particular time I commenced to logon with my (non-root) userid and then in
error entered the root password and pushed enter.
I was then logged on as root !!!!!
I have tried several times to replicate the problem with no success and would
normally put it down to one of those things. However the possible security issue
needs to be at least registered as a possible problem.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
I don't think that this is a real bug as you cannot reproduce it anymore. Even
if it was, it would be even impossible to find it without a reproducer. If you
can find the reproducer please reopen.