Penetration Testing mailing list archives
Re: Cryptocard database
From: Noel Rosenberg <noel () thesubnet net>
Date: Fri, 18 Feb 2005 18:04:56 -0500 (EST)
On Wed, 16 Feb 2005, John Madden wrote: | Doing an internal pen-test for a company i came across | a mysql db that contains the Cryptocard tokens | database (root with no password) Not only should the mysql be secured, it shouldn't even be accessable from off the machine that needs to query the database. IIRC, cadmind actually wanted to talk via the network port only, so we allow networking for mysql, then firewall off 3306 to only allow connections from the local system. -Noel ---Noel Rosenberg ---noel () thesubnet net ---Sleep Vampire ---"One does not win a mud-slinging fest by getting into the mud; --- The pigs have the home field advantage."
Current thread:
- Cryptocard database John Madden (Feb 17)
- Re: Cryptocard database Noel Rosenberg (Feb 21)
- Re: Cryptocard database Kurt Seifried (Feb 21)