by DaSHacka 585 days ago
Any sufficiently poorly constructed system is indistinguishable from a legitimate vulnerability.

You shouldn't need to edit an undocumented file that's force enabling an insecure authentication method in the first place.

"You're using it wrong" doesn't change the fact that the defaults are poor and likely to ultimately cause more devices to be improperly configured than if it was left as sysadmins and end-users expect.

1 comments

They likely chose the option to enable password-based SSH authentication during installation [1], or it's a cloud service that provisions servers with a password.

I've been looking for info about whether it's force-enabled with a vanilla install where the user doesn't actually choose for it to be enabled. I'm happy to be educated here.

[1]: https://askubuntu.com/a/1440509