|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [suse-security] connection via telnet, XServer, ssh
From: Peer Stefan (stefan.peer
tiwag.at)
Date: Wed Apr 16 2003 - 03:57:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi
> From: Habichtsberg, R. [mailto:reinhard.habichtsbergunilux.de]
> Hi all,
>
> how do you estimate the security risk of the following situation:
>
> I log into a linux-server from a windows-client via telnet as
> normal user.
Why don't you use ssh? There are many nice windows ssh clients out there, putty for example.
> From the linux-server I start a x-session
> (command: konsole -display windows-client:0,0)
> to a x-server (MIXServer 5.6) on the windows-client.
>
> From this session I open a ssh-session to a second linux-server
> where I have to work as root (su -).
>
> Now, if I would scan the data between the windows PC and the
> linux-servers
> could I read them not coded, particularly could I read the
> root password
> in plaintext?
Yes. The password is transmitted via X over the network, which isn't encrypted afaik.
But that's relatively easy to check - just sniff the network and try finding the passwort (or any other phrase you have entered on the console, e.g. something like echo "Find me in the sniffer log."
>
> TIA,
> Reinhard
regards,
Stefan
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]