[serious bug] SSH password transmitted in CLEAR TEXT
Posted: Thu Dec 04, 2014 9:54 am
Hi,
I use RVNC v4.5.4 on iOS 5.1.1 /w SSH addon.
I have a connection (one out of 4, RDP over SSH) where -if I leave the username empty- it is not requested but the connection tried leading to revealing my password to root:
/var/log/auth.log:
Pleae fix, and please make sure that fix is available for iOS 5.1.1 (iPad "1", cannot update OS anymore)
I use RVNC v4.5.4 on iOS 5.1.1 /w SSH addon.
I have a connection (one out of 4, RDP over SSH) where -if I leave the username empty- it is not requested but the connection tried leading to revealing my password to root:
/var/log/auth.log:
- Code: Select all
Dec 4 14:45:42 srv sshd[29723]: Invalid user MyPaSsWoRd from 1.2.3.4
Dec 4 14:45:42 srv sshd[29723]: Failed none for invalid user MyPaSsWoRd from 1.2.3.4 port 54321 ssh2
Dec 4 14:45:42 srv sshd[29723]: pam_unix(sshd:auth): check pass; user unknown
Dec 4 14:45:42 srv sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remote.host.net
Pleae fix, and please make sure that fix is available for iOS 5.1.1 (iPad "1", cannot update OS anymore)