Re: Demarc Puresecure v1.6 - Plaintext password issue -
From: David Barroso (dbarroso_at_s21sec.com)
Date: 05/22/03
- Previous message: Chris Robertson: "RE: Outlook Web Access authentication bypass"
- In reply to: Ryan Purita: "Demarc Puresecure v1.6 - Plaintext password issue -"
- Next in thread: Kurt Seifried: "Re: Demarc Puresecure v1.6 - Plaintext password issue -"
- Reply: Kurt Seifried: "Re: Demarc Puresecure v1.6 - Plaintext password issue -"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 May 2003 12:06:33 +0200 To: "Ryan Purita" <ryan@totally-connected.com>
On Wed, 21 May 2003 12:17:57 -0700
"Ryan Purita" <ryan@totally-connected.com> wrote:
The file psd.conf should be owned by root and its mode 600. Only if a person gets root access in that box, she could read the password. Lots of applications relay on that, for instance, snort, which is used by Demarc PureSecure, stores the SQL password in plain text in snort.conf.
- Previous message: Chris Robertson: "RE: Outlook Web Access authentication bypass"
- In reply to: Ryan Purita: "Demarc Puresecure v1.6 - Plaintext password issue -"
- Next in thread: Kurt Seifried: "Re: Demarc Puresecure v1.6 - Plaintext password issue -"
- Reply: Kurt Seifried: "Re: Demarc Puresecure v1.6 - Plaintext password issue -"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
