Mailinglist Archive: opensuse-bugs (4650 mails)

< Previous Next >
[Bug 1030210] VUL-0: PAM grants network access through NM without or/and with the wrong root password
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 12 Jun 2017 07:16:38 +0000
  • Message-id: <bug-1030210-21960-AvvcZJvar7@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1030210
http://bugzilla.opensuse.org/show_bug.cgi?id=1030210#c4

--- Comment #4 from Stakanov Schufter <stakanov@xxxxxxxxxx> ---
No, this is another bug (the one where I get wallet access to my mail account
passwords after 5 to 8 wrong or right entries, does not really matter as it
seems. And there it is a random number of entries you have to do).

This bug is as follows: here we are in file permission normal.
When you suspend to disk and wake up you are asked for the root password.
You give three times an empty password and the network is up and running.
The wallet password at the first time seems to work here. (At least I haven't
tried the same trick as in the post account yet).

The same applies when you are in file permissions secure. You are asked for the
root password to change network settings. You write nonsense or you give an
empty one, it grants access after three times.
I found this out by chance while being aware to have done three errors in a row
and then was suddenly granted access. Otherwise I wouldn't have ever found out.
Up to now I have tried this only for network. I haven't tried it for other root
operations. SUDO works right it seems, at least after three wrong entries it
goes to error message and back to prompt.

Please ask if I am expressing myself not conveniently clear

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >