Security Basics mailing list archives
Re: security-basics Digest 23 Sep 2003 13:18:19 -0000 Issue 734
From: "Damon McMahon" <inst_karma () hotmail com>
Date: Wed, 24 Sep 2003 16:22:02 +1000
Discussion and workaround... http://www.securemac.com/macosxnidump.php According to... http://forums.macrumors.com/archive/topic/35479-1.html...shadow passwords [as used in most other modern unices] will be a feature of Panther.
From : Matteo <dark () isnc ch> To : security-basics () securityfocus com Subject : Netinfo Manager Date : Tue, 23 Sep 2003 18:38:11 +0200 Hi,I'm using Mac OS 10.2.8 Server and today I was quite surprised to see that a normal user on my server >can obtain the encrypted passwords of all the user just using the command "nidump password .":bash-2.05a$ nidump passwd . nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null root:*EncryptedPass:0:0::0:0:System Administrator:/var/root:/bin/tcsh ...Isn't this a security flaw? Is Apple going to fix it in the next release of Mac OS X (Panther)? Now, how >to prevent users to see the passwords of the other users?
_________________________________________________________________Get less junk mail with ninemsn Premium. Click here http://ninemsn.com.au/premium/landing.asp
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: security-basics Digest 23 Sep 2003 13:18:19 -0000 Issue 734 Damon McMahon (Sep 24)