[7977] in bugtraq
RedHat's RealServer.
daemon@ATHENA.MIT.EDU (Jason Aras)
Fri Sep 18 23:40:14 1998
Date: Fri, 18 Sep 1998 17:03:47 -0400
Reply-To: Jason Aras <jaras@EXIT3.COM>
From: Jason Aras <jaras@EXIT3.COM>
To: BUGTRAQ@NETSPACE.ORG
I have not seen this posted anywhere, but if I am wrong just drop it.
On a default RedHat Install that includes the Real Server from progressive
networks, there is a default password in the config file. This isnt a
problem _IF_ you know what your looking for. If you are not an
experienced sysadmin you will most likely not be looking for something
like this. All a person can do is upload files and get control over the
real server (such as monitor it and watch who is connected) I don't know
of this can lead to any more destruction, though the server is running as
root.
Jason Aras
