Date:      Wed, 26 Nov 1997 09:24:32 -0800 (PST)
From:      Craig Spannring <cts@cdsnet.net>
To:        "Daniel O'Callaghan" <danny@panda.hilink.com.au>
Cc:        warpy <warpy@suburbia.com.au>, freebsd-security@freebsd.org
Subject:   Re: Possible problem with ftpd 6.00
Message-ID:  <199711261724.JAA06393@bangkok.office.cdsnet.net>
In-Reply-To: <Pine.BSF.3.91.971126114138.28543E-100000@panda.hilink.com.au>
References:  <Pine.BSF.3.96.971125094506.991A-100000@typhoon> <Pine.BSF.3.91.971126114138.28543E-100000@panda.hilink.com.au>

Daniel O'Callaghan writes:
 > On Tue, 25 Nov 1997, warpy wrote:
 > > Obviously there isn't much upon first glance that can
 > > be done to exploit it (at least I think so), but does it need to occur at
 > > all?

If they really did type the email address it's not very exploitable.
Unfortunately a lot of people type their real password when prompted
for a password. 

 > Since people send their e-mail address as a password, it can be 
 > interesting to see who is logged on.  This is a feature, not a bug.

Yes, it's a feature, but it's risky enough that it should be dropped.

-- 
======================================================================
 Life is short.                 | Craig Spannring 
      Ski hard, Bike fast.      | cts@cdsnet.net
 -------------------------------+------------------------------------
 Save Cyberspace-               | On the planet Vulcan, MSDOS   
    Shoot a Perl Developer!     | would be considered illogical.
======================================================================


