COMMAND

    gdm

SYSTEMS AFFECTED

    Those running gdm

PROBLEM

    Cervino Ulises found following. While trying this new software  to
    replace the ``old'' xdm,  he found out that  if a wrong passwd  is
    supplied, gdm will answer  with a ``incorrect password''  message.
    So he tried  to log in  as an inexistent  user ... the  result was
    "user  unknown".   Evan  this  vulnerabilty  seems trivial it will
    reveal  to  potenntial  hacker  info  about logins on your system.
    The version tested was gdm-2.0beta4.

SOLUTION

    You can disable  this by setting  VerboseAuth=0 in the  [Security]
    section in gdm.conf.  See the GDM manual for details.