Re: Xitami Webserver stores admin password in clear text.

From: Tom Micklovitch (h_bugtraq@yahoo.com)
Date: 11/27/01


Message-ID: <20011127101358.8140.qmail@web20308.mail.yahoo.com>
Date: Tue, 27 Nov 2001 02:13:58 -0800 (PST)
From: Tom Micklovitch <h_bugtraq@yahoo.com>
Subject: Re: Xitami Webserver stores admin password in clear text.
To: bugtraq@securityfocus.com

This is a known issue, and certainly on Windows versions of Xitami, you actually have to create
the file defaults.aut yourself, as in, actually type in its contents.

But you are correct - it would be nice if it was encoded somehow.

A more worrying issue is the fact that defaults.aut is world readable AND writable, hence if you
have shared the drive it's on, anyone on the local network can simply replace it with their password.

=====
Be Afraid. Be VERY Afraid.

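
The exposure described in this message, a defaults.aut that broad groups can read and overwrite and that sits on a shared drive, can be checked on a current Windows host with the script below. It is an added example, not part of the original post or of Xitami; the install path and the availability of the SmbShare module are assumptions.

```powershell
# Added example (not from the original post): audit the ACL on Xitami's defaults.aut.
param(
    # Assumed install location; point this at the real file.
    [string]$AutPath = 'C:\Xitami\defaults.aut'
)

# Well-known SIDs that amount to "world" on Windows (locale-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$readBit  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$writeBit = [int][System.Security.AccessControl.FileSystemRights]::WriteData
$full     = (Resolve-Path -LiteralPath $AutPath -ErrorAction Stop).Path

# Flag Allow entries that let a broad group read or overwrite the file.
# Deny entries are not evaluated, so treat the result as an upper bound.
$findings = foreach ($ace in (Get-Acl -LiteralPath $full).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    if (-not $broadSids.ContainsKey($sid)) { continue }
    $rights = [int]$ace.FileSystemRights
    [pscustomobject]@{
        Principal = $broadSids[$sid]
        CanRead   = ($rights -band $readBit) -ne 0
        CanWrite  = ($rights -band $writeBit) -ne 0
        Inherited = $ace.IsInherited
    }
}

# Non-administrative shares whose root contains the file expose that ACL
# to the network (share-level permissions still apply on top of it).
$shares = Get-SmbShare | Where-Object {
    $_.Path -and -not $_.Special -and
    $full.StartsWith($_.Path.TrimEnd('\') + '\',
        [System.StringComparison]::OrdinalIgnoreCase)
}

$findings | Format-Table -AutoSize
if ($shares) { "Reachable through share(s): $($shares.Name -join ', ')" }
if ($findings | Where-Object CanWrite) {
    Write-Warning "$full is writable by a broad group; restrict it to the account that runs Xitami and administrators."
}
```

An empty table with no warning means none of the three broad groups holds an Allow entry on the file; entries marked as inherited have to be fixed on the parent directory.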