Re: bugtraq misinformation

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: der Mouse: "Re: Sun Patch Id #102060-01"
• Previous message: Casper Dik: "Re: Sun Patch Id #102060-01"

>NetWare version 3.11 does not have a cleartext password file as you
>stated on the bugtraq list, but rather, it keeps a secure hash of the
>password in the Bindery.  Physical access to the server would be
>required to obtain the hashed values.

Ok that may be true but my statement arose from a bored afternoon of
using less(1) on some of the files in \SYSTEM (NET$SYS I think) and
seeing users and what was obviously clear text passwords in a relatively
close proximity to the username... maybe garbage memory, but still all the
users were there. The caveat is I needed to be supervisor to read the
file.. :)

Cheers,
Mark

• Next message: der Mouse: "Re: Sun Patch Id #102060-01"
• Previous message: Casper Dik: "Re: Sun Patch Id #102060-01"