Bugtraq mailing list archives
RE: Arkeia Possible remote root & information leakage
From: Neil Curri <NCurri () gjusa com>
Date: Fri, 17 Aug 2001 11:32:36 -0400
Because the salt is known and because the max password length is 8 characters, it would not be beyond the realms of possibility to crack the password (effectively a root password).
It is only an Arkeia "root" password. It's not even a real user with a shell. Make sure your system root password is different from your Arkeia root password.
Once you have access through the GUI, you have the possibility of running a command from the GUI before and after the backup job. This command is run as root and can be anything.
I didn't realize this, but it makes sense. If you install the RPM as the system root, Arkeia processes will be run as root.
Use an SSH tunnel (www.ssh.com www.openssh.com)
This article on Arkeia's support site explains how to set up an SSH tunnel through a firewall for Arkeia: http://support.arkeia.com/cgi-bin/arkeia/solution?11=000322-0014&130=0953783453&14=&2715=&15=&2716=&57=search&58=&2900=JP9cQm9m9p&25=7&3=ssh