
RE: [cobalt-users] New Exploit?



Hi,

These passwords could manually be added by the exploit (but not on my box).

Greetings
Oliver

---------- Original Message ----------------------------------
From: "Chris Demain" <cdemain@xxxxxxxxxxx>
Reply-To: cobalt-users@xxxxxxxxxxxxxxx
Date: Tue, 11 Dec 2001 13:18:29 -0500

>[outstanding exploit information snipped]
>
>> user / password (md5) / password (clear)
>>
>> trk2 / SDaVtiyNMzUYs / fucked
>> brmbrm / SD5FxnRnzpCs
>>
>
>This is not to pick a nit, but because it may be significant.
>All MD5 passwords begin with the string: $1$
>(ex. $1$lcL2mrpB$wjCsu6I.NJU9olJx8EGqp1 -- yes, an actual (hashed) password)
>What you have is standard UNIX crypt(3).
>What's significant about that is that they both have the same salt (SD)
>possibly either indicating a problem with your (or Cobalt's) passwd, or
>suggesting that the password was manually entered into /etc/passwd and/or
>/etc/shadow using vipw or similar.
>My RaQs are XTRs, so I don't have information on what format your machine
>uses.
>
>HTH
>Chris
>
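
Added example (not part of the original thread): a small Python audit that applies the two checks described in the quoted message, telling `$1$` MD5-crypt entries apart from 13-character crypt(3) entries and flagging accounts that share a salt. The shadow lines and the names `classify`, `audit` and `SAMPLE_SHADOW` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

B64 = r"[./0-9A-Za-z]"  # alphabet used by both crypt(3) formats
MD5_RE = re.compile(rf"^\$1\$({B64}{{1,8}})\$({B64}{{22}})$")  # $1$salt$hash
DES_RE = re.compile(rf"^({B64}{{2}})({B64}{{11}})$")          # 2-char salt + 11

def classify(field):
    """Return (scheme, salt) for the password field of a shadow line."""
    if field == "" or field[0] in "!*":
        return ("locked-or-empty", None)
    m = MD5_RE.match(field)
    if m:
        return ("md5-crypt", m.group(1))
    m = DES_RE.match(field)
    if m:
        return ("des-crypt", m.group(1))
    return ("unrecognised", None)

def audit(lines):
    """Map users to schemes; report shared salts and off-scheme accounts."""
    schemes, by_salt = {}, defaultdict(list)
    for line in lines:
        user, field = line.split(":")[:2]
        scheme, salt = classify(field)
        schemes[user] = scheme
        if salt is not None:
            by_salt[(scheme, salt)].append(user)
    hashed = Counter(s for s in schemes.values() if s.endswith("-crypt"))
    usual = hashed.most_common(1)[0][0] if hashed else None
    return {
        "schemes": schemes,
        # Salts are random per password, so a repeat deserves a closer look.
        "shared_salts": {k: v for k, v in by_salt.items() if len(v) > 1},
        # Accounts hashed differently from what the box normally writes.
        "odd_scheme": sorted(u for u, s in schemes.items()
                             if s.endswith("-crypt") and s != usual),
    }

# Constructed sample: three MD5-crypt accounts, two DES entries with salt "SD".
SAMPLE_SHADOW = [
    "root:$1$abcdefgh$" + "A" * 22 + ":11667:0:99999:7:::",
    "admin:$1$ijklmnop$" + "B" * 22 + ":11667:0:99999:7:::",
    "site1:$1$qrstuvwx$" + "C" * 22 + ":11667:0:99999:7:::",
    "user1:SD" + "x" * 11 + ":11667:0:99999:7:::",
    "user2:SD" + "y" * 11 + ":11667:0:99999:7:::",
    "ftp:*:11667:0:99999:7:::",
]

if __name__ == "__main__":
    print(audit(SAMPLE_SHADOW))
```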