VULHUB ™

The version of 'login' shipped with HP-UX 10.26 does not record unsuccessful login attempts in 'btmp'. The btmp file is used to record bad logins. It may be possible for attackers to launch a brute force attack that is not noticed by administrators who rely on btmp. The attempts may still be visible in other logs (such as syslog).

The version of 'login' shipped with HP-UX 10.26 does not record unsuccessful login attempts in 'btmp'. The btmp file is used to record bad logins. It may be possible for attackers to launch a brute force attack that is not noticed by administrators who rely on btmp. The attempts may still be visible in other logs (such as syslog).