Security Basics mailing list archives

Re: Multiple login accounts with root privileges
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 7 Apr 2008 18:09:38 +0200

On 2008-04-07 ganesh mahadevan wrote:
> I was testing a thin client box and found that I could login as Root,
> Administrator and Admin (all with the same password).  whoami
> indicated 'root' in all three cases.  Is this some sort of aliasing
> going on? I may not be entirely correct on this but shouldn't the
> number of users with root privileges be restricted?

Advice #1: always post the operating system.

Since you mention "root" and "whoami" I'm assuming that you're talking
about some Unix flavour. In that case take a look at /etc/passwd and
/etc/shadow. You'll most likely find that you have multiple accounts with
UID 0 and the same password (hash). When you have more than one admin
for a Unix or Linux system it's rather common to have multiple accounts
with UID 0. In your case, however, it looks rather like you don't have
several users, but only several different account names for the same
role, which doesn't make much sense IMHO.

> What is your advice on this issue?

Find out why the additional root accounts exist, and if there's no
reason for them to be there: delete them.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
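
The check described in the reply above (look in /etc/passwd and /etc/shadow for several UID 0 accounts carrying the same hash), as an added example that is not part of the original post. The function names are hypothetical and the sample passwd/shadow data is constructed.

```shell
#!/bin/sh
# Added example: list UID 0 accounts and flag those sharing a password hash.

# Names of all accounts whose UID (field 3) is 0. $1: passwd file.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "${1:-/etc/passwd}"
}

# Comma-joined groups of UID 0 accounts whose shadow hash (field 2) is
# identical. $1: passwd file, $2: shadow file (reading it needs root).
shared_hash_uid0() {
    awk -F: '
        NR == FNR { if ($3 == 0) root[$1] = 1; next }  # pass 1: passwd
        ($1 in root) && $2 != "" && $2 !~ /^[!*]/ {    # skip locked/empty
            names[$2] = (names[$2] == "" ? $1 : names[$2] "," $1)
            count[$2]++
        }
        END { for (h in count) if (count[h] > 1) print names[h] }
    ' "${1:-/etc/passwd}" "${2:-/etc/shadow}"
}

# Write constructed sample files (not from any real system) into dir $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
Administrator:x:0:0::/root:/bin/sh
Admin:x:0:0::/root:/bin/sh
daemon:x:1:1::/:/sbin/nologin
user:x:1000:1000::/home/user:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$samplesalt$CONSTRUCTEDHASHAAAA:13976:0:99999:7:::
Administrator:$6$samplesalt$CONSTRUCTEDHASHAAAA:13976:0:99999:7:::
Admin:$6$samplesalt$CONSTRUCTEDHASHAAAA:13976:0:99999:7:::
daemon:*:13976:0:99999:7:::
user:$6$othersalt$CONSTRUCTEDHASHBBBB:13976:0:99999:7:::
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp"
echo "UID 0 accounts:"; uid0_accounts "$tmp/passwd"
echo "UID 0 accounts sharing a hash:"
shared_hash_uid0 "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Called with no arguments as root, both functions read the live /etc/passwd and /etc/shadow. Salted hashes are only identical when both salt and password match, so a shared hash usually means the entry was copied rather than set independently.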
