Bugtraq: cleartext passwords in Remedy processes' cores

From: Peter A. Grina <grina_at_grina.com>
Date: Wed, 13 Nov 1996 14:04:20 -0500

Remedy makes an elaborate and very popular trouble ticket program that has
been installed in lots of sites (Wall Street firms included.)

The security hole in Remedy's product is that a core dump of either the user
processes (i.e. aruser, notifier) shows the user's password in clear text.

The other security hole exists on the Remedy server... core dumps of either
of these two daemons:

                                arserverd
                                ntserverd
... reveal the same things. The nsserverd core dump is especially nasty
since it puts the username and (cleartext) password on the same line.

-Pete Grina (grina_at_grina.com)

p.s. This was called in to Remedy.
Received on Nov 15 1996
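
The exposure reported above exists because the password is still in process memory when a core file is written. The following is an added example, not part of the original post and not Remedy's code, of how a POSIX process that handles passwords can avoid it: forbid core files for itself and wipe the buffer once the password has been used. The names with_password and sample_use and the sample password are hypothetical, constructed for illustration.

```c
#include <string.h>
#include <sys/resource.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Added example: forbid core files for this process and its children; 0 on success. */
int disable_core_dumps(void) {
    struct rlimit none = { 0, 0 };            /* soft = hard = 0 bytes */
    if (setrlimit(RLIMIT_CORE, &none) != 0) return -1;
#ifdef __linux__
    /* Clear the dumpable flag too, so the kernel produces no dump for us. */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
#endif
    return 0;
}

int core_limit_is_zero(void) {
    struct rlimit rl;
    return getrlimit(RLIMIT_CORE, &rl) == 0 && rl.rlim_cur == 0 && rl.rlim_max == 0;
}

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
void wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

int is_all_zero(const void *buf, size_t len) {
    for (const unsigned char *p = buf; len--; p++) if (*p) return 0;
    return 1;
}

/* Hand the password to `use`, then wipe the whole buffer whatever it returned. */
int with_password(char *pw, size_t cap, int (*use)(const char *)) {
    int rc = use(pw);
    wipe(pw, cap);
    return rc;
}

/* Hypothetical stand-in for the real authentication call. */
int sample_use(const char *pw) { return (int)strlen(pw); }

int main(void) {
    char pw[32] = "constructed-sample-pw";    /* constructed sample value */
    int ok = disable_core_dumps() == 0 && core_limit_is_zero();
    with_password(pw, sizeof pw, sample_use);
    return !(ok && is_all_zero(pw, sizeof pw));  /* exit 0 when hardened and wiped */
}
```

Call disable_core_dumps() before the first credential is read, so that a crash at any later point leaves nothing on disk.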
