Security Incidents mailing list archives
Re: Root password changed
From: "Lisa Casey" <lisa () jellico net>
Date: Tue, 7 Jan 2003 14:36:45 -0500
Hi, This may be too simplistic of an answer, but it actually happened here. We are an ISP, and one of my employees went to change an users password while she was su'ed to root, but she neglected to specify the customers username. Instead she typed passwd then the new password. Sure enough, she changed the root password instead of the customers password. Could you have been changing a user password on the system and inadvertantly have changed the root password instead? Lisa Casey Webmaster & SysAdmin Netlink 2000, Inc. lisa () jellico net ----- Original Message ----- From: "RCS" <rcs () flashwave com> To: <incidents () securityfocus com> Sent: Friday, January 03, 2003 11:01 PM Subject: Root password changed
I have no idea how the root password on my FreeBSD 4.0 system was = changed, only I have access to it and I have only SMTP (sendmail = 8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else = is restricted by ACLs at the router. I had to enter single user mode and change it today. I have thoroughly checked running processes and the logs and there is = nothing suspicious.=20 Please give me your opinion on what could have caused this.=20 Thanks -- Roberto Cardona Jr. =20 -- Roberto Cardona Jr. IT/IS Manager Corporate Office Centers | http://www.corporateofficecenters.com --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Root password changed RCS (Jan 06)
- Re: Root password changed james (Jan 07)
- RE: Root password changed Michael LaSalvia (Jan 07)
- Re: Root password changed Chris Barford (Jan 07)
- Re: Root password changed sysadmin (Jan 07)
- Re: Root password changed Adam Bultman (Jan 07)
- Re: Root password changed Joe Kattner (Jan 07)
- Re: Root password changed Lisa Casey (Jan 07)