Subject: Piranha password file
From: frostman SECUREACCESS.INTRANETS.COM
Date: Fri Jun 02 2000 - 14:29:38 CDT
Looking at the default install of Piranha on RH 6.2, the password file is world readable and encrypted with standard DES. Hence any user with a shell account can download this password file and crack it, in turn giving them access to the Piranha configuration and probably more. I'm still testing to see what else can be gained. I looked over the previous advisories on your site and Red Hat's and this wasn't mentioned.
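A defender-side check for the two conditions reported in the message above (a world-readable password file holding traditional DES crypt hashes), as an added example that is not part of the original post or of Piranha. It assumes the file holds one `user:hash` entry per line; the path and the sample entries are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, 13 in total.
# It only uses the first 8 password characters, so exposure of the file matters.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
KNOWN_PREFIXES = {"$apr1$": "apr1-md5", "$2a$": "bcrypt", "$2b$": "bcrypt",
                  "$2y$": "bcrypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}

def classify_hash(value):
    """Name the hash scheme of one stored password field."""
    for prefix, name in KNOWN_PREFIXES.items():
        if value.startswith(prefix):
            return name
    return "des-crypt" if DES_CRYPT.match(value) else "unknown"

def audit_password_file(path):
    """Return findings for a user:hash file (format is an assumption)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:  # readable by every local account
        findings.append(("world-readable", oct(mode)))
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or ":" not in line:
                continue
            user, rest = line.split(":", 1)
            if classify_hash(rest.split(":", 1)[0]) == "des-crypt":
                findings.append(("des-crypt", user))
    return findings

if __name__ == "__main__":
    # Constructed sample file; the entries are not real hashes.
    sample = os.path.join(tempfile.mkdtemp(), "passwd.sample")
    with open(sample, "w") as fh:
        fh.write("piranha:Xy0123456789a\nops:$apr1$constructed$notarealhash\n")
    os.chmod(sample, 0o644)
    for kind, detail in audit_password_file(sample):
        print(f"{sample}: {kind} ({detail})")
```
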