Vulnerability Development mailing list archives
Re: is this something?
From: Samuel festus Stover <sstover () visto com>
Date: Thu, 18 Jan 2001 04:34:27 -0800
Korhan (and others), The exploit isn't that the guest account can be compromised without knowing the password, but rather that you can actually log in as guest which shouldn't be allowed by the default telnet server config. If you had attempted to log in as "guest" you would have rec'd a message saying that "Login through Guest account not allowed". If you then try to log in as \\guest, you are met with a password prompt: <snip from your post> Microsoft (R) Windows (TM) Version 5.00 (Build 2195) Welcome to Microsoft Telnet Service Telnet Server Build 5.00.99201.1 login: \\guest password: Logon failure: unknown user name or bad password. <end snip> S. festus Blame is for God and small children. Dega/"Papillon" ___________________________________________________________________________ Visit http://www.visto.com/info, your free web-based communications center. Visto.com. Life on the Dot.
Current thread:
- Re: is this something?, (continued)
- Re: is this something? ghandi (Jan 17)
- Re: is this something? Phil Cox (Jan 17)
- Re: is this something? Mike Sues (Jan 18)
- Re: is this something? Morten Johansen (Jan 17)
- Re: is this something? Korhan Gurler (Jan 17)
- Re: is this something? Philip Stoev (Jan 17)
- Re: is this something? Sven Michels (Jan 17)
- Re: is this something? Steve (Jan 18)
- Re: is this something? NetW3.COM Consulting (Jan 17)
- Re: is this something? Samuel festus Stover (Jan 17)
- Re: is this something? Samuel festus Stover (Jan 18)
- Re: is this something? Roland Morales (Jan 18)