> On Thu, 16 Mar 1995, DaVe McComb wrote: > > I seem to have a major problem with wuftpd version wu-2.4, in that if a > > specific sequence of steps is taken, the user's password is logged to > > /var/adm/messages, wtmp, and to the screen. This is happening under > This also happens to me. I've just stepped up the amount of logging that > occurs with our main Unix box, which is an RS/6000 running AIX 3.2.5. > The ftpd is the standard one that IBM provide. If ftpd is invoked with a > -d option, and syslog logs daemon activity of debug and above, then, when > a normal user ftp's to the machine, it logs their password! Not good. cool! add this to shipping with rexd enabled and a gratuitous backdoor root login and IBM is FAST OVERTAKING SUN in the shipping with evil security holes contest. josh