This is not a HOLE. By default(I think)netscape -Enterprise/3.5.1I installs ALOT of shit that you will never need or use. But like most things people dont use people dont remove them. A major thing that netscape installs is Netscape Web Publisher. Which you can access VIA http. By default its /publisher/. Like on www.fbi.gov/publisher/ click on Start Web Publisher. Then after the java app load it will ask you for a Username and Password. Well just leave them blank and hit ENTER.. Now this is a bad idea because anyone could just brute force the User Name and password. Then after you do or dont enter a user name a password it will show you ALL files in the web dir. Now this is also a bad idea because some people leave like oh password lists,user names, cc info in the web dir. All of which you could access from the web if you had the info on were it was. So in short its a BAD idea to leave /publisher/ on netscape on. You should remove /publisher/. Most people dont give a shit like www.fbi.gov/publisher/ that you can look at all there files but there stupid so whatever.. I emailed netscape,fbi.gov about 2 weeks ago about this and I have got no reply.. So maybe they might fix it now. --flipz
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:54 PDT