Date: Thu, 22 Oct 1998 13:48:52 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Deepwell Internet <freebsd@deepwell.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FrontPage Server Extensions Message-ID: <Pine.BSF.3.96.981022132959.5091B-100000@anchovy.orem.iserver.com> In-Reply-To: <4.1.0.67.19981022093228.009d4450@mail1.dcomm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Oct 1998, Deepwell Internet wrote:
> People around the office have been saying that the FP extensions are
> insecure and buggy, but no one can point to any real examples.
Here's one for a start:
http://users.worldgate.com/~marcs/fp/
Another possible attack that I have heard of is the lackadaisical attitude
of the extensions with regards to the service.pwd files that contain
password information, a la /etc/passwd, that can often be cracked by any
of the popular DES/UNIX password cracking programs.
Other anecdotes on FrontPage (in)security can be found by searching the
BugTraq archives (search for "frontpage") at:
http://www.netspace.org/lsv-archive/bugtraq.html
Paul Hart
--
Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc.
hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981022132959.5091B-100000>