Re: Root password changed

["Lisa Casey" <lisa () jellico net>]

Hi,

This may be too simplistic of an answer, but it actually happened here.  We
are an ISP, and one of my employees went to change an users password while
she was su'ed to root, but she neglected to specify the customers username.
Instead she typed passwd then the new password. Sure enough, she changed the
root password instead of the customers password. Could you have been
changing a user password on the system and inadvertantly have changed the
root password instead?

Lisa Casey
Webmaster & SysAdmin
Netlink 2000, Inc.
lisa () jellico net

----- Original Message ----- 
From: "RCS" <rcs () flashwave com>
To: <incidents () securityfocus com>
Sent: Friday, January 03, 2003 11:01 PM
Subject: Root password changed


> I have no idea how the root password on my FreeBSD 4.0 system was =
> changed, only I have access to it and I have only SMTP (sendmail =
> 8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else =
> is restricted by ACLs at the router.
>
> I had to enter single user mode and change it today.
>
> I have thoroughly checked running processes and the logs and there is =
> nothing suspicious.=20
>
> Please give me your opinion on what could have caused this.=20
>
> Thanks
>
> --
> Roberto Cardona Jr.      =20
>
> --
> Roberto Cardona Jr.
> IT/IS Manager
> Corporate Office Centers | http://www.corporateofficecenters.com
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com