Bugtraq mailing list archives

Re: Write-only devices (Was read only devices)


From: murchiso () vivid newbridge com (Roderick Murchison, Jr.)
Date: Thu, 27 Jun 1996 17:59:18 -0400


For REAL sneaky fun... crank down the debug level in wu-ftpd and check out
your syslog.  It will contain all the userid/password pairs used to access
your system via ftp in plain text.  I pointed this out to a few log-happy
friends who didn't realize this was happening and they were very surprised
to find this information in a world-readable logfile.

-r

On Thu, 27 Jun 1996, Ken Weaverling wrote:

On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:

        FTP: failed login attempt for user "pAsSwOrD"
        FTP: successful login for user "user" two seconds later

I always wondered why the heck this happens. While knowing what account is
being attempted is valuable, why the heck doesn't the code just try and
see if pAsSwOrD is a valid account name?  If it isn't, don't display it
or say "failed login attempt for an undefined system user."

If the attempt was to a valid account name, then record that info. If one
of your users is using another account name as a password, you're obviously
not appending your list of user account names to your Crack dictionary.
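
Added example, not part of the original posts and not wu-ftpd's own code: a C sketch of the logging rule Ken Weaverling proposes above, where the name from a failed login is written to the log only if it matches a defined account. `format_failed_login`, `account_exists_fn` and the constructed `demo_account_exists` lookup are hypothetical names; `system_account_exists` shows the same check against the real account database via `getpwnam`.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Account lookup callback: returns nonzero if `name` is a defined account. */
typedef int (*account_exists_fn)(const char *name);

/* Lookup against the system account database. */
static int system_account_exists(const char *name)
{
    return getpwnam(name) != NULL;
}

/* Constructed lookup for the demo: the only defined account is "user". */
static int demo_account_exists(const char *name)
{
    return strcmp(name, "user") == 0;
}

/*
 * Build the log line for a failed FTP login. The supplied name is written
 * only when it matches a defined account; anything else (possibly a password
 * typed at the user prompt) is replaced by a fixed string.
 * Returns 1 if the name was logged, 0 if it was withheld.
 */
static int format_failed_login(char *out, size_t outlen, const char *name,
                               account_exists_fn exists)
{
    if (name != NULL && exists(name)) {
        snprintf(out, outlen, "FTP: failed login attempt for user \"%s\"", name);
        return 1;
    }
    snprintf(out, outlen,
             "FTP: failed login attempt for an undefined system user");
    return 0;
}

int main(void)
{
    char line[256];
    /* Constructed inputs mirroring the log excerpt quoted in the thread. */
    const char *attempts[] = { "pAsSwOrD", "user" };
    for (size_t i = 0; i < 2; i++) {
        format_failed_login(line, sizeof line, attempts[i], demo_account_exists);
        puts(line);
    }
    (void)system_account_exists; /* real lookup, not exercised by the demo */
    return 0;
}
```

A password that happens to equal another account's name is still logged under this rule, which is the case the post addresses with the Crack dictionary remark.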



