OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Macintosh Security (macsecSECUREMAC.COM)
Date: Wed Apr 18 2001 - 23:52:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    SecureMac.com - 04.19.2K1
    http://www.securemac.com/

    Security Advisory
     subject: Netopia's Mac OS X Timbuktu Preview
     method: not remote - console only

    Netopia's Mac OS X version of Timbuktu makes it
    possible to gain full access without logging in.

    Scenario:
    At the login screen of the freshly updated Mac OS X
    with preview version of Timbuktu for Mac OS X we
    have found a Timbuktu icon in the upper left hand
    portion of the screen. The menu contains all of the
    goodies (open timbuktu, turn tcp on/off, about, etc)
    Timbuktu users have known and loved from the
    classic OS. The menu About Timbuktu when clicked
    on gives you full control to the apple menu and
    system preferences without even being logged into
    OS X.

    Having access to the System Preferences without
    being logged in can allow access to the users panel
    where someone could change passwords or any
    system setting.

    Essentially, you've got admin access to the entire
    system prefs window and the users panel even
    shows the hidden admin/root user.

    If you have purchased this product and would like this
    issue taken care of please contact Netopia

    Netopia - "Although we welcome your feedback, the
    software is sold without warrantee"

    http://www.securemac.com/timubktuosxpreviewhole.
    cfm

    SM