Penetration Testing: Re: Pen testing a CVS server

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Pen testing a CVS server

From: Alexandre Carmel-Veilleux <saruman () northernhacking org>
Date: Sun, 18 May 2003 15:20:26 -0400

On Sun, May 18, 2003 at 07:17:09AM -0700, Bugsy wrote:


Checking passwords
cvs -d :pserver:root () host domain com:/wrong/cvs/root
login
Tells me if i got the root password right or not.


        Hmm, I've never been in any environement where CVS didn't have it's
own, separate, password and group files. So this should not yield an actual
user passwords. Assuming the password is different then the system one.

        I agree that the error messages should be terser in order to leak
less information, possibly with an n seconds timeout after an error.

Alex

Attachment: _bin
Description:

By Date By Thread

Current thread:

Pen testing a CVS server Bugsy (May 18)
- Re: Pen testing a CVS server Alexandre Carmel-Veilleux (May 20)
  - RE: Pen testing a CVS server Lluis Mora (May 20)
- <Possible follow-ups>
- RE: Pen testing a CVS server Royans Tharakan (May 20)