<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: cleartext passwords in Remedy processes' cores

Re: cleartext passwords in Remedy processes' cores

From: Joel Murphy <jmurphy_at_cnu.acsu.buffalo.edu>
Date: Fri, 15 Nov 1996 21:09:40 -0500

> The security hole in Remedy's product is that a core dump of either the user
> processes (i.e. aruser, notifier) shows the user's password in clear text.

Anyone who is an administrator in Remedy can fetch any password in
plain text from the server with a trivial program using the ARS api.
It also has an annoying feature were the client tool by default saves
your password to file in form that it knows how to decryt. Don't use
passwords from other systems in Remedy...

Joel Murphy
Received on Nov 16 1996

This message: [ Message body ]
Next message: Doug Hughes: "Re: Possible SunOS 5.5.1 sulogin vulnerability"
Previous message: Michael Douglass: "Re: Possible SunOS 5.5.1 sulogin vulnerability"
In reply to: Peter A. Grina: "cleartext passwords in Remedy processes' cores"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos