<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Piranha password file

Piranha password file

From: <frostman_at_SECUREACCESS.INTRANETS.COM>
Date: Fri, 2 Jun 2000 12:29:38 -0700

Looking at the default install of Piranha on RH 6.2 the password file is world readable and encrypted with standard DES. Hence any user with a shell account can download this password file and crack it in turn giving them access to the Piranha configuration and probably more. I'm still testing to see what else can be gained. I looked over the previous advisories on your site and Red Hat's and this wasn't mentioned.

_________________________________________________________________
Get your own free, private space on the Web at www.intranets.com.
Received on Jun 08 2000

This message: [ Message body ]
Next message: Elias Levy: "Re: bind running as root in Mandrake 7.0"
Previous message: Aleph One: "New Allaire Security Zone Bulletins"
In reply to: Ussr Labs: "Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability"
Next in thread: arkth: "Re: Piranha password file"
Reply: arkth: "Re: Piranha password file"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos