Bugtraq mailing list archives
DEC OSF/1 Enhanced Security passwd problem
From: timmo () RacerX mse jhu edu (Tim DiLauro)
Date: Wed, 31 Aug 1994 12:01:22 -0400 (EDT)
Hello: I'm having trouble w/ DEC OSF/1 V2.0 Enhanced Security. Just yesterday, the passwd program decided to be very friendly and let anyone (except root) change anyone else's password. I wrote a wrapper for it so that it can't do that anymore. Any user can type "passwd username" to change anyone's password WITHOUT supplying the old password. If the user types just "passwd" then they have to supply their old password before they can change it. Strangely, when root attempts to change someone else's password, the "Old password:" prompt is given. It's almost like it's reversing the result when checking whether the user should have to supply the old password. Check your OSF/1 systems. Any ideas are welcome. -timmo Tim DiLauro Milton S. Eisenhower Library Library Systems Jack Johns Hopkins University (410) 516-5263 3400 N. Charles Street timmo () RacerX mse jhu edu Baltimore, MD 21218
Current thread:
- SunOS newsyslog bug Jean Chouanard (Aug 26)
- Re: SunOS newsyslog bug jsz (Aug 26)
- Re: SunOS newsyslog bug System Administrator (Aug 29)
- Tripwire V1.2 Release (Finally!) Gene Spafford (Aug 30)
- NFS UID bug. Casper Dik (Aug 31)
- DEC OSF/1 Enhanced Security passwd problem Tim DiLauro (Aug 31)
- <Possible follow-ups>
- Re: SunOS newsyslog bug Kenneth Kron - (Aug 26)