
Re: [cobalt-users] Raq3 admin & root passwords



On Wed, 26 Apr 2000, Michael Zimmermann wrote:

> Thanks for your sharing, Jens. 
> 
> Probably you are right with these missing security updates
> being easier to exploit than the plaintext telnet or gui.

Or more likely, someone just beat the web admin password page to death
till they got a password that worked. With no backoff timeout it's
possible to try an awful lot of attempts before someone notices. It's not
protected like telnet, and using the same passwords as users means you
actually get something useful by breaking the web passwords. The Apache
docs do warn about this....:(


> WHAT? Changing the admin password from the gui also changes root password?
> I've to check that...

yes, this is TRULY lame :(

plus, anyone with the wits to browse the mailing list archives KNOWS
this...

> 
> ... Yes you are right.
> 
> So this means, the admin password is enough to get the whole machine
> (although not unnoticed). BoooHooo :o(

unnoticed if they wipe the logs....

> 
> My god, I must have got a cool ISP - he delivered my machine
> configured with different passwords. Cool guy. If anyone ever

I don't want to talk about mine -/

> wants a server located in Germany, he's http://domke.de

kewl, mp3 sites - no copyrights -/

gsh
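
The pattern described in this message (many guesses against the web admin login with no backoff, ending in a password that works) leaves a recognizable trail in the Apache access log. The following is an added example, not part of the original post or of any Cobalt software: it flags a client that produces a burst of 401 responses and records whether an authenticated request from that client later succeeded. The log lines, the /admin/ path, the addresses and the threshold values are constructed for illustration, and lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                 r'"[^"]*" (?P<status>\d{3}) \S+')

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag hosts with >= threshold 401s inside `window`; record the user
    name if an authenticated request from that host later succeeds."""
    failures = defaultdict(deque)   # host -> timestamps of recent 401s
    alerts = {}                     # host -> alert record
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                # ignore lines that are not CLF
        host, status = m["host"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            q = failures[host]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()         # forget failures older than the window
            if host in alerts:
                alerts[host]["failures"] += 1
            elif len(q) >= threshold:
                alerts[host] = {"host": host, "first_failure": q[0],
                                "failures": len(q), "succeeded_as": None}
        elif host in alerts and m["user"] != "-" and 200 <= status < 400:
            # Authenticated success after a burst: assume the password fell.
            alerts[host]["succeeded_as"] = alerts[host]["succeeded_as"] or m["user"]
    return list(alerts.values())

# Constructed sample: six failed guesses, then a success, plus a normal user.
SAMPLE = [
    f'192.0.2.10 - admin [26/Apr/2000:03:10:{s:02d} +0200] "GET /admin/ HTTP/1.0" 401 401'
    for s in range(1, 7)
] + [
    '192.0.2.10 - admin [26/Apr/2000:03:10:07 +0200] "GET /admin/ HTTP/1.0" 200 2048',
    '198.51.100.7 - - [26/Apr/2000:03:10:02 +0200] "GET /admin/ HTTP/1.0" 401 401',
    '198.51.100.7 - admin [26/Apr/2000:03:10:09 +0200] "GET /admin/ HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE):
        print(alert)
```

An alert whose `succeeded_as` field is set is the case the message warns about: the guessing stopped because a password worked, so that account's password should be treated as known to the client.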