Date: Mon, 16 Dec 1996 13:42:51 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: rb@gid.co.uk (Bob Bishop) Cc: terry@lambert.org, proff@iq.org, security@freebsd.org, hackers@freebsd.org Subject: Re: vulnerability in new pw suite Message-ID: <199612162042.NAA01965@phaeton.artisoft.com> In-Reply-To: <v01540b05aeda408c7c25@[194.32.164.2]> from "Bob Bishop" at Dec 16, 96 00:03:01 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Yeah, fine on an isolated machine, but those pesky users also insist on > using the same weak password on lots of different systems. So if some > sleaze does manage to get root on your system and thus access to your > shadow file, five gets you ten the user passwords he can now derive will > work on neighbouring systems. Five gets you ten that he'll just use rlogin instead, and go for root on the new system from the user account, never knowing the user's password (or caring). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612162042.NAA01965>