From owner-freebsd-security Wed Nov 26 09:24:57 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA02857 for security-outgoing; Wed, 26 Nov 1997 09:24:57 -0800 (PST) (envelope-from owner-freebsd-security) Received: from bangkok.office.cdsnet.net (bangkok.office.cdsnet.net [204.118.245.49]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA02834 for ; Wed, 26 Nov 1997 09:24:46 -0800 (PST) (envelope-from cts@bangkok.office.cdsnet.net) Received: (from cts@localhost) by bangkok.office.cdsnet.net (8.8.8/8.8.5) id JAA06393; Wed, 26 Nov 1997 09:24:32 -0800 (PST) Date: Wed, 26 Nov 1997 09:24:32 -0800 (PST) Message-Id: <199711261724.JAA06393@bangkok.office.cdsnet.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: Craig Spannring To: "Daniel O'Callaghan" Cc: warpy , freebsd-security@freebsd.org Subject: Re: Possible problem with ftpd 6.00 In-Reply-To: References: X-Mailer: VM 6.31 under Emacs 19.34.1 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Daniel O'Callaghan writes: > On Tue, 25 Nov 1997, warpy wrote: > > Obviously there isn't much upon first glance that can > > be done to exploit it (at least I think so), but does it need to occur at > > all? If they really did type the email address it's not very exploitable. Unfortunatly a lot of people type their real password when prompted for a password. > Since people send their e-mail address as a password, it can be > interesting to see who is logged on. This is a feature, not a bug. Yes, it's a feature, but it's risky enough that it should be dropped. -- ====================================================================== Life is short. | Craig Spannring Ski hard, Bike fast. | cts@cdsnet.net -------------------------------+------------------------------------ Save Cyberspace- | On the planet Vulcan, MSDOS Shoot a Perl Developer! | would be considered illogical. ======================================================================