[3005] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

NT Registry and Netscape Vulnerability

daemon@ATHENA.MIT.EDU (Skip4004@aol.com)
Thu Sep 19 22:49:09 1996

From: Skip4004@aol.com
Date: Thu, 19 Sep 1996 20:13:34 -0400
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

I'm somewhat at shock on how many systems have tight file security while
overlooking the NT registry. I assumed that most adminstrators would make use
of the C2 security tool included in the resource kit to lock the registry,
evidently this is not the case. Amongst reaking general havoc, by remotely
manipulating the registry, it's extremely easy to lock 
out the administrator on Netscape's Commerce Server and install a new
administrator account. True the server must be restarted for the changes to
take effect and the registry set to the default security permissions. My
question is why did Netscape make it so easy, knowing about the default
setting of NT's registry?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[3005] in WWW Security List Archive

NT Registry and Netscape Vulnerability

daemon@ATHENA.MIT.EDU (Skip4004@aol.com)Thu Sep 19 22:49:09 1996

daemon@ATHENA.MIT.EDU (Skip4004@aol.com)
Thu Sep 19 22:49:09 1996