Date:      Mon, 10 Jun 1996 22:26:13 -0400 (EDT)
From:      Brian Tao <taob@io.org>
To:        Ade Barkah <mbarkah@hemi.com>
Cc:        security@freebsd.org
Subject:   Re: FreeBSD's /var/mail permissions
Message-ID:  <Pine.NEB.3.92.960610222129.24396I-100000@zap.io.org>
In-Reply-To: <199606100214.UAA29892@hemi.com>

On Sun, 9 Jun 1996, Ade Barkah wrote:
>
> Maybe I'll try out this washington.edu daemon. Any security concerns
> with it ?

    I don't see any explicit warnings about it in CERT's archives,
although it is vulnerable to a brute force attack (e.g., you can use
it to quickly check many user/passwd combinations without it breaking
the connection or logging the failed attempts).

    I've got qpopper 2.2 running now and it doesn't seem to have any
of the problems I recall with 2.1.4.  It logs failed authentication
attempts and refuses to accept any more commands on a bad login.
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"



