Package: libpam-mount
Version: 0.18-6
Severity: normal
*** Please type your report below this line ***
If the pam_mount module asks directly for a password (i.e. is the first
module to require the password), the prompt spells "password:".
However, the usual Linux password prompt spells "Password:". This
difference can be used to determine if a host uses pam_mount.
Additionally - as there are quite few systems using pam_mount - this
behaviour can be used to identify a certain system.
I don't think this is a severe security risk, but it's certainly more than
just a typo.
The wrong spelling can be found in pam_mount.c, line 256 (patched file).
Cheers,
Raphael
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.1-mactel (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
~
