Hi, This may be too simplistic of an answer, but it actually happened here. We are an ISP, and one of my employees went to change an users password while she was su'ed to root, but she neglected to specify the customers username. Instead she typed passwd then the new password. Sure enough, she changed the root password instead of the customers password. Could you have been changing a user password on the system and inadvertantly have changed the root password instead? Lisa Casey Webmaster & SysAdmin Netlink 2000, Inc. lisaat_private ----- Original Message ----- From: "RCS" <rcsat_private> To: <incidentsat_private> Sent: Friday, January 03, 2003 11:01 PM Subject: Root password changed > I have no idea how the root password on my FreeBSD 4.0 system was = > changed, only I have access to it and I have only SMTP (sendmail = > 8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else = > is restricted by ACLs at the router. > > I had to enter single user mode and change it today. > > I have thoroughly checked running processes and the logs and there is = > nothing suspicious.=20 > > Please give me your opinion on what could have caused this.=20 > > Thanks > > -- > Roberto Cardona Jr. =20 > > -- > Roberto Cardona Jr. > IT/IS Manager > Corporate Office Centers | http://www.corporateofficecenters.com > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:24:41 PST