Hi,

I've recently discovered a rather nasty bug. My login password is
visible when I use the following command:

arioch@server ~ $ ssh arioch@192.168.0.1 sudo tail -f /var/log/messages; exit
Password: ********** (user - masked)
Password: my_not-so-secret-anymore_password (root - not masked)

-tail output-

This has been tested with openssh on OpenBSD, FreeBSD and Gentoo/Linux,
all with up-to-date versions of both OpenSSH and Sudo and the output is
equally the same.

Hoping to be of any service,

Tom D.V.

--
tom@penumbra.be
arioch@penumbra.be

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev