home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.mac.system
- Path: sparky!uunet!think.com!spool.mu.edu!umn.edu!umeecs!news-server.eecs.umich.edu!arie
- From: arie@eecs.umich.edu (Arie Covrigaru)
- Subject: AppleShare 3.0 security hole
- Message-ID: <ARIE.92Nov16100809@quip.eecs.umich.edu>
- Sender: news@zip.eecs.umich.edu (Mr. News)
- Reply-To: arie@eecs.umich.edu
- Organization: AI Lab, The University of Michigan
- Date: Mon, 16 Nov 1992 15:08:09 GMT
- Lines: 27
-
- There is a security hole in the AppleShare 3.0 password scheme.
- Suppose I am a user (or even if I am not) on an AppleShare server,
- but don't have administrator privileges. The following procedure will
- enable me to assign them to myself and thus have future access to all
- folders on the server.
-
- 1. Turn off the server.
- 2. Move the Users & Groups Data File file from the Preferences folder
- within the system folder to the root level of the system folder.
- 3. Open the administrator application. The administrator will allow you
- to set a new administrator password.
-
- Once you do that, the users and groups lists and privileges from the
- old file in the is copied to a new created file in the Preferences
- folder and you have full access to the administrator, thus giving
- yourself administrator privileges or even creating a new user name
- with administrator privileges.
- --
-
-
- Arie.
-
- =========================================================================
- | Arie Covrigaru | University of Michigan AI Lab |
- | Phone: (313)994-8887 | Room 149, Advanced Technology Bldg. |
- | Internet: arie@eecs.umich.edu | 1101 Beal Ave., Ann Arbor, MI 48109 |
- =========================================================================
-
