Re: Xitami Webserver stores admin password in clear text.

From: Tom Micklovitch (h_bugtraqat_private)
Date: Tue Nov 27 2001 - 02:13:58 PST


    This is a known issue, and certainly on Windows versions of Xitami, you actually have to create
    the file defaults.aut yourself, as in, actually type in its contents.
    
    But you are correct - it would be nice if it was encoded somehow.
    
    A more worrying issue is the fact that defaults.aut is world readable AND writable, hence if you
    have shared the drive it's on, anyone on the local network can simply replace it with their password.
    
    =====
    Be Afraid. Be VERY Afraid.
    
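
An added example, not part of the original message and not Xitami's own tooling: a PowerShell audit for the condition the message describes, a defaults.aut that broad principals can write to, sitting under a folder that is shared. The install path, the list of "broad" principals, and the use of Get-SmbShare (available on current Windows releases, not those of 2001) are assumptions.

```powershell
# Added example: report who can modify Xitami's defaults.aut and whether the
# folder that holds it is reachable through an SMB share.
param(
    [string]$AutFile = 'C:\Xitami\defaults.aut'   # hypothetical path, pass your own
)

# Assumption: these principals are treated as "anyone" for this audit.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# WriteData is the right needed to overwrite the file's contents;
# Modify and FullControl both include it.
$writeBit = [System.Security.AccessControl.FileSystemRights]::WriteData

if (-not (Test-Path -LiteralPath $AutFile -PathType Leaf)) {
    throw "File not found: $AutFile"
}
$full = (Resolve-Path -LiteralPath $AutFile).Path

# Allow entries that give a broad principal write access to the file.
$risky = @((Get-Acl -LiteralPath $full).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $writeBit)
})

# Shares whose root is the file's folder or one of its parents.
# Administrative shares such as C$ are listed too; share-level permissions
# are not evaluated here and still need a manual look.
$shares = @(Get-SmbShare | Where-Object {
    $_.Path -and $full.StartsWith(
        $_.Path.TrimEnd('\') + '\',
        [System.StringComparison]::OrdinalIgnoreCase)
})

[pscustomobject]@{
    File           = $full
    BroadWriteAces = @($risky  | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    ExposingShares = @($shares | ForEach-Object { "$($_.Name) -> $($_.Path)" })
    # True only when both conditions from the message hold at once.
    Exposed        = [bool]($risky.Count -and $shares.Count)
}
```

If Exposed is true, remove the broad write entries from the file's ACL (for example with icacls) so that only the account running Xitami and administrators can change it.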
    



    This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 05:49:28 PST