Definition[edit | edit source]
A login-spoofing program is a program that represents itself as a login program in order to steal your password. For example, a spoofing program might print the UNIX login banner on an unattended system and wait for input from the user. The user dutifully types in the user name, and the program prompts for the password, turning off character echo. After storing away the user's password, the program reports that the password is incorrect and exits, which causes the real login program to be started on the system. The user then logs in, mistakenly assuming that he or she previously mistyped the name or password, and starts a session.