Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Annoying Solaris/CDE/NIS+ bug
From: fcusack () ICONNET NET (Frank Cusack)
Date: Tue, 13 Oct 1998 21:03:16 -0400

dbell <dbell () BWAY NET> writes:

I didn't see this, or anything similar to it in the archives, but please
forgive me if it's well known:

If a Solaris 2.6 host is a NIS+ client, and any user other than root is
running CDE at the console, CDE's screen locking feature does not work.
Any random string is sufficient to unlock to console. Obviously, this is

The bug has nothing to do with NIS+. The CDE screenlocker (dtsession)
accepts either the user's password or the root password to unlock
the screen.

When root doesn't have a password, it accepts anything. A bug? hardly.
Install a root password.


Frank Cusack       + Today's Haiku   No keyboard present
Icon CMT Corp.     + error message:  Hit F1 to continue
PGP: C001AA75      +                 Zen engineering?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]