Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1995: Re: password backdoors

Re: password backdoors

Paul Szabo (szabo_pmaths.su.oz.au)
Thu, 11 May 95 12:49:25 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John F. Haugh II: "Re: impossible vs. impractical"
Previous message: Dave Mischler: "Re: password backdoors"
Maybe in reply to: System Admin: "password backdoors"
Next in thread: Rick Weldon: "Re: password backdoors"

Lyndon (formerly from Rover?) (System Admin <rootsentinet.demon.co.uk>)
wrote:
> I have an old Apollo box running Domain 10.4.1 and lost the password for
> root, the only account. ... the HP service engineer said that I should have
> given him a ring as they have a way to get in ! ... Can anyone enlighten me
> further into how this would be done

I am sure your HP engineer was just boasting, I am sure there are no
'password backdoors' in Domain/OS. However, Domain/OS (as installed by
default) has many other security holes which allow anyone (preferably with
physical access) to do anything they like. Even though this is a full
disclosure list, I would prefer not to elaborate on how to expoit these
holes, but rather point you to a set of scripts which close most (all?) of
them:

  ftp://ftp.maths.su.oz.au/protect/scripts.tar.Z

Paul Szabo - System Manager   //        School of Mathematics and Statistics
szabo_pmaths.su.oz.au        //   University of Sydney, NSW 2006, Australia

Next message: John F. Haugh II: "Re: impossible vs. impractical"
Previous message: Dave Mischler: "Re: password backdoors"
Maybe in reply to: System Admin: "password backdoors"
Next in thread: Rick Weldon: "Re: password backdoors"