Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] SuSE security reputation, etc..
  • From: dproc@xxxxxxx
  • Date: Sat, 5 Aug 2000 20:14:44 -0400
  • Message-id: <20000805201444.B607@xxxxxxxxxxxxxxx>
On Sat, 05 Aug 2000, JF wrote:

> > But they can only login as you the USER. They can never sniff the
> > root password, as your "su root" password is always encrypted.
>
> This is how I understand it.
> Even though the root passwd is encrypted on the box it is still sent
> across the wire in plain text, therefore sniffable.
>

Maybe you came to the thread out of sequence? What I meant was, during
an SSH session, the su root password is encrypted across the wire.
Pretty much the only places it is plaintext are the keyboard driver
and login/pam.

But my point was that if your user password is sniffed from a
POP session, then leet can sprinkle your path with trojans, which
might sniff your su password and steal it.

That's all. dproc
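
Added example, not part of dproc's message: a defender's check for the situation described above, where someone holding the user password plants a fake su earlier in that user's PATH. The function name audit_path and the TRUSTED_DIRS list are assumptions made for this illustration.

```python
import os

# Assumption: directories expected to hold the genuine su binary.
TRUSTED_DIRS = ("/bin", "/usr/bin", "/sbin", "/usr/sbin")


def audit_path(command, path_string, trusted_dirs=TRUSTED_DIRS):
    """Walk PATH in lookup order and report every entry, searched before the
    first trusted directory holding `command`, that could supply a fake one."""
    trusted = {os.path.realpath(d) for d in trusted_dirs}
    findings = []
    for entry in path_string.split(os.pathsep):
        if entry in ("", "."):
            # An empty or "." entry means "current directory" to the shell.
            findings.append((entry, "relative entry: resolves to current directory"))
            continue
        real = os.path.realpath(entry)
        candidate = os.path.join(real, command)
        has_command = os.path.isfile(candidate) and os.access(candidate, os.X_OK)
        if real in trusted and has_command:
            break  # lookup stops here; later entries are never consulted
        if has_command:
            findings.append((entry, "shadows " + command))
        elif os.path.isdir(real) and os.access(real, os.W_OK):
            findings.append((entry, "writable by this account"))
    return findings


if __name__ == "__main__":
    # Audit the PATH of the account running the script.
    for directory, reason in audit_path("su", os.environ.get("PATH", os.defpath)):
        print(f"{directory!r}: {reason}")
```

Run it as the ordinary user account, since writability is judged for the calling account.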

