Re: [cobalt-users] root password stored in plain-text?
- Subject: Re: [cobalt-users] root password stored in plain-text?
- From: Sonny Taite <sonny@xxxxxxxxx>
- Date: Wed Sep 25 14:17:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Unfortunately that looks like a common "0wn3d" fingerprint. For some reason
root kits like to put things in /usr/man/man1 - but generally use things
like spaces before names to hide the directories.
They generally run perl sniffers which pick out usernames and passwords -
appending these to files like the one you have described.
This is not to say you have definitely been "r00t3d" (although it does look
bad :(
Download and run the chkrootkit tool to check your system - you should
probably do this anyway with the slapper worm doing the rounds.
... There is absolutely no way the below scenario is NORMAL though.
rgs
Sonny.
On 9/26/02 8:01 AM, "Joseph Lundgren" <josephl@xxxxxxxxxxxx> wrote:
> Say, is this normal??
>
> [root admin]# cat /usr/man/man1/version.1.gz
> _SSHD_ USER:root PASS:**MY_FRICKIN_ROOT_PASSWORD!!!!**
>
> (where **MY_FRICKIN_ROOT_PASSWORD!!!!** is my real honest-to-goodness
> root/admin password in PLAIN TEXT!!)
>
> Have I been pwned?
>
> Cobalt RaQ4r
> fully updated as per sun official updates
> sshd version OpenSSH_3.4p1
>
>
>
>
> Joseph Lundgren
> System Administrator
> josephl@xxxxxxxxxxxx
> Nu-World Communications
> http://www.nu-world.com
>
> Nu-World Communications
> 4015 Main St. Suite B
> Springfield, OR 97478
> (541)687-7200
> (541)736-1094 (fax)
> 1-866-832-4872 (24-hour technical support)
>