Re: IIS 4.0 admin bug

From: Aleph One (aleph1at_private)
Date: Fri Jun 25 1999 - 10:58:15 PDT

Next message: stackat_private: "Fwd: Fw: pine exploit (fwd)"

Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-022)"
Maybe in reply to: Adam Sampson: "IIS 4.0 admin bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Folks, the password must be stored in clear text. The best you
can do is obfuscate it. Its just a fact you need the plain text
password under NT to impersonate an account unless they have connected
to the server through a named pipe or some other similar mechanism.
This is why IIS need to password to impersonate the account that
owns the directory to access it.


--
Aleph One / aleph1at_private
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

Next message: stackat_private: "Fwd: Fw: pine exploit (fwd)"
Previous message: aleph1at_private: "Microsoft Security Bulletin (MS99-022)"
Maybe in reply to: Adam Sampson: "IIS 4.0 admin bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:50:52 PDT