- markus@cvs.openbsd.org 2003/08/26 09:58:43

     [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
     [auth2.c monitor.c]
     fix passwd auth for 'username leaks via timing'; with djm@, original
     patches from solar

1 files changed, 1 insertions, 1 deletions

diff --git a/monitor.c b/monitor.c
index 9ea7b93b9..e5656470d 100644
--- a/monitor.c
+++ b/monitor.c
@@ -649,7 +649,7 @@ mm_answer_authpassword(int socket, Buffer *m)
         passwd = buffer_get_string(m, &plen);
         /* Only authenticate if the context is valid */
         authenticated = options.password_authentication &&
-            auth_password(authctxt, passwd) && authctxt->valid;
+            auth_password(authctxt, passwd);
         memset(passwd, 0, strlen(passwd));
         xfree(passwd);