|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security reduction FTP service on NT4
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Re: Security reduction FTP service on NT4
- From: David LeBlanc <dleblancMINDSPRING.COM>
- Date: Sat, 5 Sep 1998 12:26:24 -0400
- Comments: To: Tim Chilton <Tim_ChiltonSFI.CO.UK>
- In-Reply-To: <199809042201.SAA24901camel26.mindspring.com>
- Reply-To: David LeBlanc <dleblancMINDSPRING.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
At 04:03 PM 9/4/98 +0100, Tim Chilton wrote: >I've just found what I consider a major reduction in overall security >resulting from the implementation differences of FTP under 3.51 vs 4.0 I'm not sure I agree that what you point out is a big deal (after all, physical security is really important), but something else that changed between 3x and 4 was that under earlier versions, only anonymous FTP logins were allowed by default. Under the current version, non-anonymous logins are allowed by default, and anyone using it would be passing user-password pairs in clear text. IMHO, this shouldn't be the default. The change may also catch people by surprise (did me), as they may assume it works the same way it used to. Oh - one other impact - the rcmd service depends on the right to log on locally as well, so if it is present on an FTP server, you may be opening it up a lot more than you intended. David LeBlanc dleblanc
- Prev by Date: Re: IE can read local files
- Next by Date: Security Bug in MS Posting Acceptor for IIS
- Prev by thread: Security reduction FTP service on NT4
- Next by thread: Re: Security reduction FTP service on NT4
- Index(es):