Bugtraq mailing list archives
Re: Write-only devices (Was read only devices)
From: murchiso () vivid newbridge com (Roderick Murchison, Jr.)
Date: Thu, 27 Jun 1996 17:59:18 -0400
For REAL sneaky fun... crank down the debug level in wu-ftpd and check out your syslog. It will contain all the userid/password pairs used to access your system via ftp in plain text. I pointed this out to a few log-happy friends who didn't realize this was happening and they were very surprised to find this information in a world-readable logfile.

-r

On Thu, 27 Jun 1996, Ken Weaverling wrote:
> On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:
> > FTP: failed login attempt for user "pAsSwOrD"
> > FTP: successful login for user "user" two seconds later
>
> I always wondered why the heck this happens. While knowing what account is being attempted is valuable, why the heck doesn't the code just try and see if pAsSwOrD is a valid account name? If it isn't, don't display it or say "failed login attempt for an undefined system user." If the attempt was to a valid account name, then record that info. If one of your users is using another account name as a password, you're obviously not appending your list of user account names to your Crack dictionary.
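The logging rule proposed in the quoted message, sketched as an added example (not part of the original posts and not wu-ftpd's own code): the attempted name is written to the log only when it matches an existing account, so a password typed at the username prompt stays out of syslog. The names `format_failed_login`, `account_exists` and `sample_accounts` are hypothetical, and the account list is constructed sample data standing in for the system password database.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: stands in for the system account database.
   A real daemon would look the name up with getpwnam(3) instead. */
static const char *const sample_accounts[] = { "user", "ftp", "root", NULL };

/* Hypothetical helper: return 1 if name is a known account, else 0. */
static int account_exists(const char *name)
{
    for (size_t i = 0; sample_accounts[i] != NULL; i++)
        if (strcmp(sample_accounts[i], name) == 0)
            return 1;
    return 0;
}

/* Build the log text for a failed login.
   The attempted name is echoed only when it is a real account; anything
   else (possibly a password typed into the wrong prompt) is replaced by a
   fixed message. Because only names that match an existing account are
   echoed, attacker-chosen bytes never reach the log line.
   Returns 1 if the name was logged, 0 if it was withheld. */
int format_failed_login(char *out, size_t outlen, const char *attempted)
{
    if (attempted != NULL && account_exists(attempted)) {
        snprintf(out, outlen,
                 "FTP: failed login attempt for user \"%s\"", attempted);
        return 1;
    }
    snprintf(out, outlen,
             "FTP: failed login attempt for an undefined system user");
    return 0;
}

int main(void)
{
    char line[128];

    /* The case from the thread: the password was entered as the username. */
    format_failed_login(line, sizeof line, "pAsSwOrD");
    puts(line);

    /* A failed attempt against a real account is still recorded by name. */
    format_failed_login(line, sizeof line, "user");
    puts(line);
    return 0;
}
```

As the quoted message notes, a password that happens to equal another account's name would still be logged under this rule.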