Date: Thu, 22 Oct 1998 13:48:52 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Deepwell Internet <freebsd@deepwell.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FrontPage Server Extensions Message-ID: <Pine.BSF.3.96.981022132959.5091B-100000@anchovy.orem.iserver.com> In-Reply-To: <4.1.0.67.19981022093228.009d4450@mail1.dcomm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Oct 1998, Deepwell Internet wrote: > People around the office have been saying that the FP extensions are > insecure and buggy, but no one can point to any real examples. Here's one for a start: http://users.worldgate.com/~marcs/fp/ Another possible attack that I have heard of is the lackadaisical attitude of the extensions with regards to the service.pwd files that contain password information, a la /etc/passwd, that can often be cracked by any of the popular DES/UNIX password cracking programs. Other anecdotes on FrontPage (in)security can be found by searching the BugTraq archives (search for "frontpage") at: http://www.netspace.org/lsv-archive/bugtraq.html Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981022132959.5091B-100000>