13 Sep
2016
13 Sep
'16
19:06
jdd wrote:
Le 13/09/2016 à 17:53, Bjoern Voigt a écrit :
As a result, if an attacker already knows the root password, but has no access to the OTP generating device,
?
he can boot into single user /
rescue mode and there he can login with the known root password.
one can boot without any passwd with init=bash (or something similar, I say this from memory)
and with rescue disk, root have no passwd This is not possible with a highly hardened computer.
but I'm not sure to understand your question :-
Please read my initial mail in this thread: https://lists.opensuse.org/opensuse/2016-09/msg00123.html Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org