From: Adrian Bolzan (Adrian.BolzanAOT.COM.AU)
Date: Mon Mar 12 2001 - 18:05:51 CST
I have attempted to log in as a print server and could not log in.
I am running NW5.1 SP1a.
I am not using NDPS and tried all of the print servers with no password. Is
there a trick to logging in as a print server?
On 12 Mar 01, at 8:17, Kain wrote:
> On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
> > The information in this advisory was supplied by Chris Hughes
> > <hughescjusa.net>. This security advisory is not endorsed by
> > Security-Focus.com.
> >
> > Vulnerability in Novell Netware
> > Date Published: 03/08/01
> > Advisory ID: n/a
> > Bugtraq ID: 2446
> > CVE CAN: None currently assigned.
> > Title: Novell Netware Print Server Vulnerability
> > Class: Configuration Error
> > Remotely Exploitable: Yes
> > Locally Exploitable: Yes
> >
> > Vulnerability Description: Novell Netware allows a user to log into a
> > Novell Network by using a Printer Server as the username. By default,
> > Novell Print Servers have blank passwords.
> > In addition, Novell Print Servers do not have intruder detection capability
> > as a user account would, so they are vulnerable to a brute force attack
> > without risk of account lockout. When a Print Server is logged into as a
> > User, the account will have the same rights as are assigned to the container
> > that it resides in.
>
> I haven't worked with netware since 4.11, but I remember that the
> documentation (Netware Manuals) covers this. It mentions that to
> handle print-spools and the like, Netware Printer Servers need a user
> object to work as and to protect that user accordingly. Someone
> correct me if I'm wrong here.
>
> Granted, with NDS, it may no longer have been necessary to have that
> user, but Novell wanted to have Bindery compatibility.
>
> There *ARE* ways to work around this, even though it still is a
> design flaw, it's not a severe insecurity IMHO.
> --
> ** Bryon Roche, Kain <kainchaosium.net>
Dr Adrian Bolzan
The Australian Outback Travel Group
Level 8, 420 St. Kilda Road
Melbourne, Victoria 3004, AUSTRALIA
Tel: +61 3 98677233
Fax: +61 3 98677244
Winner - 1999 Australian Export Awards
Winner - 1999 Governor of Victoria Export Awards