Re: Problems with wuftpd - password logging(?)

joshua geller (joshua@dee.retix.com)
Fri, 31 Mar 1995 15:59:20 -0800

>   On Thu, 16 Mar 1995, DaVe McComb wrote:

>   > I seem to have a major problem with wuftpd version wu-2.4, in that if a 
>   > specific sequence of steps is taken, the user's password is logged to 
>   > /var/adm/messages, wtmp, and to the screen.  This is happening under 

>   This also happens to me.  I've just stepped up the amount of logging that 
>   occurs with our main Unix box, which is an RS/6000 running AIX 3.2.5.  

>   The ftpd is the standard one that IBM provide.  If ftpd is invoked with a 
>   -d option, and syslog logs daemon activity of debug and above, then, when 
>   a normal user ftp's to the machine, it logs their password!  Not good.  

cool! add this to shipping with rexd enabled and a gratuitous backdoor
root login and IBM is FAST OVERTAKING SUN in the shipping with evil security
holes contest.

josh
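
The quoted report describes two settings that only expose passwords together: ftpd started with `-d`, and syslog recording the daemon facility at debug level. The following audit sketch is an added example, not part of the original post or of any vendor tooling; it assumes classic BSD-style `inetd.conf` and `syslog.conf` syntax, and the sample configuration text and the `/usr/sbin` paths in it are constructed.

```python
# Added example: flag the "ftpd -d" + daemon.debug combination from the thread.
def ftpd_debug_lines(inetd_conf):
    """Return inetd.conf ftp entries whose server arguments include -d."""
    hits = []
    for line in inetd_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        # fields: service socket proto wait user server argv0 [args...]
        if len(fields) >= 7 and fields[0] == "ftp" and any(
                a.startswith("-") and "d" in a[1:] for a in fields[7:]):
            hits.append(" ".join(fields))
    return hits

def daemon_debug_actions(syslog_conf):
    """Return the syslog.conf actions (destinations) that get daemon.debug."""
    actions = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        receives = False
        for sel in parts[0].split(";"):
            facilities, _, level = sel.rpartition(".")
            if {"daemon", "*"} & set(facilities.split(",")):
                if level == "none":            # explicit exclusion
                    receives = False
                elif level in ("debug", "*"):  # debug and above
                    receives = True
        if receives:
            actions.append(parts[1].strip())
    return actions

def audit(inetd_conf, syslog_conf):
    # Passwords reach a log only when both conditions hold.
    entries = ftpd_debug_lines(inetd_conf)
    sinks = daemon_debug_actions(syslog_conf)
    return {"at_risk": bool(entries and sinks),
            "ftpd_entries": entries, "log_sinks": sinks}

# Constructed sample configuration text (not taken from any real host).
SAMPLE_INETD = """\
ftp     stream  tcp  nowait  root  /usr/sbin/ftpd     ftpd -l -d
telnet  stream  tcp  nowait  root  /usr/sbin/telnetd  telnetd
"""
SAMPLE_SYSLOG = """\
*.err;daemon.debug     /var/adm/messages
mail.debug             /var/adm/maillog
*.debug;daemon.none    /var/adm/debug.log
"""
if __name__ == "__main__":
    print(audit(SAMPLE_INETD, SAMPLE_SYSLOG))
```

If `at_risk` is true, either drop `-d` from the ftp entry or make sure every file listed in `log_sinks` is readable by root only.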