Date: Mon, 10 Jun 1996 22:26:13 -0400 (EDT) From: Brian Tao <taob@io.org> To: Ade Barkah <mbarkah@hemi.com> Cc: security@freebsd.org Subject: Re: FreeBSD's /var/mail permissions Message-ID: <Pine.NEB.3.92.960610222129.24396I-100000@zap.io.org> In-Reply-To: <199606100214.UAA29892@hemi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 9 Jun 1996, Ade Barkah wrote:
>
> Maybe I'll try out this washington.edu daemon. Any security concerns
> with it ?
I don't see any explicity warnings about it in CERT's archives,
although it is vulnerable to a brute force attack (e.g., you can use
it to quickly check many user/passwd combinations without it breaking
the connection or logging the failed attempts).
I've got qpopper 2.2 running now and it doesn't seem to have any
of the problems I recall with 2.1.4. It logs failed authentication
attempts and refuses to accept any more commands on a bad login.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960610222129.24396I-100000>