Educause Security Discussion mailing list archives
Re: Passwords & Passphrases
From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Tue, 20 Nov 2007 14:12:04 -0500
Steven Alexander wrote:
First, even if an attacker gains access to a system due to some other weakness, weak passwords may allow him to keep access, escalate his privileges or to gain access to another system within the same organization.
Hear hear. Too often I see people on lists like Bugtraq saying that a vulnerability isn't important because its a local privilege escalation, not something that can be remotely exploited. But when you combine a local escalation with a weak user password, you've got a remote root exploit that the sysadmin team may have assigned a lower priority to take care of. --Matt -- Matt Gracie (716) 888-2403 Information Security Administrator graciem () canisius edu Canisius College ITS 425531N / 0785109W http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Current thread:
- Re: Passwords & Passphrases, (continued)
- Re: Passwords & Passphrases Bob Bayn (Nov 20)
- Re: Passwords & Passphrases Steven Carmody (Nov 20)
- Re: Passwords & Passphrases Roger Safian (Nov 20)
- Re: Passwords & Passphrases Harold Winshel (Nov 20)
- Re: Passwords & Passphrases Steven Alexander (Nov 20)
- Re: Passwords & Passphrases John Ladwig (Nov 20)
- Re: Passwords & Passphrases Ozzie Paez (Nov 20)
- Re: Passwords & Passphrases David Harley (Nov 20)
- Re: Passwords & Passphrases Zach Jansen (Nov 20)
- Re: Passwords & Passphrases Gary Flynn (Nov 20)
- Re: Passwords & Passphrases Matthew Gracie (Nov 20)
- Re: Fwd: Passwords & Passphrases Andrea Beesing (Nov 20)
- Re: Passwords & Passphrases Eric Case (Nov 21)
- Re: Passwords & Passphrases Andrea Beesing (Nov 25)
- Re: Passwords & Passphrases Kees Leune (Nov 26)
- Re: Passwords & Passphrases Paul Keser (Nov 26)