Bugtraq mailing list archives

DEC OSF/1 Enhanced Security passwd problem

From: timmo () RacerX mse jhu edu (Tim DiLauro)
Date: Wed, 31 Aug 1994 12:01:22 -0400 (EDT)


Hello:

I'm having trouble w/ DEC OSF/1 V2.0 Enhanced Security.  Just yesterday, 
the passwd program decided to be very friendly and let anyone (except 
root) change anyone else's password.  I wrote a wrapper for it so that it 
can't do that anymore.

Any user can type "passwd username" to change anyone's password 
WITHOUT supplying the old password.  If the user types just 
"passwd" then they have to supply their old password before they 
can change it.  Strangely, when root attempts to change someone else's 
password, the "Old password:" prompt is given.  It's almost like it's 
reversing the result when checking whether the user should have to supply 
the old password.

Check your OSF/1 systems.

Any ideas are welcome.

-timmo

Tim DiLauro                          Milton S. Eisenhower Library
Library Systems Jack                 Johns Hopkins University
(410) 516-5263                       3400 N. Charles Street
timmo () RacerX mse jhu edu             Baltimore, MD  21218

Current thread:

SunOS newsyslog bug Jean Chouanard (Aug 26)
- Re: SunOS newsyslog bug jsz (Aug 26)
- Re: SunOS newsyslog bug System Administrator (Aug 29)
- Tripwire V1.2 Release (Finally!) Gene Spafford (Aug 30)
- NFS UID bug. Casper Dik (Aug 31)
- DEC OSF/1 Enhanced Security passwd problem Tim DiLauro (Aug 31)
- <Possible follow-ups>
- Re: SunOS newsyslog bug Kenneth Kron - (Aug 26)