I was wondering while looking at "MPEi/X Default Accounts" plugin and comparing its tests with CIRT's password list [1] there seems to be some discrepancy between them. CIRT's lists passwords as:

"Hewlett-Packard","HP 2000/3000 MPE/xx","N/A","Multi","FIELD","SUPPORT","N/A",""

That is, user "FIELD" password "SUPPORT"

But the plugin lists the accounts as

    (...)
    accounts[10] = "SUPPORT.FIELD";

and is sent as

    (...)
    username = accounts[i];
    user = string("USER ", username, CRLF);

Should this be done sending first a USER (FIELD) and then a password (SUPPORT) or does the MPEi/X support this strange (non-RFC?) method of logging into a FTP server.

It seems, also, that some of the default accounts listed in CIRT's are not included

Username | Password
----------------------
OPERATOR | DISC
FIELD    | SERVICE
FIELD    | LOTUS
FIELD    | HPONLY
HELLO    | MGR.SYS
HELLO    | FIELD.SUPPORT
HELLO    | OP.OPERATOR
MAIL     | REMOTE
MAIL     | MPE
.....

I can do a better cross-check but I would like to know if the plugin behaviour is correct or if I'm missing something...

Regards

Javi

[1] http://www.cirt.net/cgi-bin/passwd.pl
This archive was generated by hypermail 2b30 : Wed Jun 04 2003 - 02:22:25 PDT