Bugtraq mailing list archives

Re: Write-only devices (Was read only devices)


From: jrvalverde () samba cnb uam es (J.R.Valverde)
Date: Thu, 27 Jun 1996 10:57:02 WET


if your logs contain passwords you should be shot....

        ftp ftp.any.where.net
        # user types username too fast
        # FTP server flushes input and prompts
        Username:
        # user doesn't notice and types password
        # FTP server prompts for password
        # user realizes mistake and presses return to try again
        # FTP server notes in the logs a login error for user "pAsSwOrD"
        # user logs in correctly and FTP server notes in the logs a
        # successful login for "user".

The log looks like

        FTP: failed login attempt for user "pAsSwOrD"
        FTP: successful login for user "user" two seconds later

The cracker sees that and thinks "what a strange username, and odd coincidence,
hey, maybe...." and there you are.

        The same happens for most programs that log successful and wrong
logins. If you don't record all login attempts then you don't know if
someone is trying to log in nor if the attacker is going after a specific
account. You have to start interactively monitoring one by one all your
accounts (no account name on any logs, remember?)...

        The lesson is: *users* do make mistakes. And there's no easy
way you can both keep useful logs without them containing sensitive
information. Either they do or they are useless.

        No need to shoot anyone. Just avoid sending logs in plaintext over
a network.

                                jr
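A defensive counterpart to the mistake described above, added here as an example and not part of the original post or of any FTP server's code: a small log post-processing filter that redacts the "username" of a failed attempt when the same source then logs in successfully as a different user within a few seconds, which is exactly the pattern the cracker would look for. The timestamped line format, the source addresses and the ten-second window are assumptions, since the post shows only the two bare log lines.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp, daemon tag, outcome, user, source).
# Line 1 shows the password-typed-as-username mistake from the post; line 3 is an
# ordinary typo of a real account name and must be left alone.
SAMPLE_LOG = """\
1996-06-27 10:55:01 FTP: failed login attempt for user "pAsSwOrD" from 10.0.0.5
1996-06-27 10:55:03 FTP: successful login for user "user" from 10.0.0.5
1996-06-27 10:56:10 FTP: failed login attempt for user "user" from 10.0.0.9
1996-06-27 10:56:40 FTP: successful login for user "user" from 10.0.0.9
"""

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) FTP: '
    r'(?P<outcome>failed login attempt|successful login) for user '
    r'"(?P<name>[^"]*)" from (?P<src>\S+)$'
)
TS_FMT = "%Y-%m-%d %H:%M:%S"


def redact_mistyped_usernames(log_text, window_seconds=10):
    """Return (lines, count): the log with the username of a failed attempt
    replaced by <redacted> when the same source succeeds as a *different*
    user within window_seconds. Assumes lines are in chronological order."""
    parsed = [(LINE_RE.match(line), line) for line in log_text.splitlines()]
    out, redacted = [], 0
    for i, (m, line) in enumerate(parsed):
        if m is None or m["outcome"] != "failed login attempt":
            out.append(line)          # unparseable or successful lines pass through
            continue
        t_fail = datetime.strptime(m["ts"], TS_FMT)
        suspicious = False
        for m2, _ in parsed[i + 1:]:
            if m2 is None:
                continue
            if datetime.strptime(m2["ts"], TS_FMT) - t_fail > timedelta(seconds=window_seconds):
                break                 # chronological order: nothing later can match
            if (m2["src"] == m["src"] and m2["outcome"] == "successful login"
                    and m2["name"] != m["name"]):
                suspicious = True     # odd "username" then a real login: likely a password
                break
        if suspicious:
            line = line.replace('"%s"' % m["name"], '"<redacted>"')
            redacted += 1
        out.append(line)
    return out, redacted
```

The filter sits between the daemon and wherever the log is shipped or stored, so the successful-login record that the post says you need for monitoring is kept while the leaked secret is not.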


