|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
NIS/YP hole
ultima
CORINNE.MAC.EDUSat, 22 Feb 1997 06:05:12 -0000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Cristian SCHIPOR: "Security hole in Solaris 2.5 (sdtcm_convert) + exploit"
- Previous message: Khelbin: "screen 3.07.02"
SCO OpenSERVER 5 exhibits a similar hole, the default login program doesn't prompt you for old passwd once it has expired. And with the many passwd-file-stealing-exploits its not hard to get the file, then analyze it to find which accounts have expired passwords (This data is kept in the last few characters of the password field). This is a pretty big hole, and jack0's post reminded me of it...
- Next message: Cristian SCHIPOR: "Security hole in Solaris 2.5 (sdtcm_convert) + exploit"
- Previous message: Khelbin: "screen 3.07.02"