mailing list archives
Re: Xitami Webserver stores admin password in clear text.
From: Tom Micklovitch <h_bugtraq () yahoo com>
Date: Tue, 27 Nov 2001 02:13:58 -0800 (PST)
This is a known issue, and certainly on windows versions on Xitami, you actually have to create
the file defaults.aut yourself, as in, actually type in it's contents.
But you are correct - it would be nice if it was encoded somehow.
A more worrying issue is the fact that defaults.aut is world readable AND writable, hence if you
have shared the drive it's on, anyone on the local network can simply replace it with their password.
Be Afraid. Be VERY Afraid.
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.