[8174] in bugtraq
Re: More Rconsole stuff
daemon@ATHENA.MIT.EDU (Dan_Thorson@NOTES.SEAGATE.COM)
Mon Oct 12 16:46:45 1998
Date: Fri, 9 Oct 1998 15:44:21 -0500
Reply-To: Dan_Thorson@NOTES.SEAGATE.COM
From: Dan_Thorson@NOTES.SEAGATE.COM
X-To: cbrenton@sover.net
To: BUGTRAQ@NETSPACE.ORG
Chris said:
> The problem here is that Inetcfg saves the Rconsole password
> to SYS:ETC in a file named Netinfo.cfg. All users have full
> read access to this directory so anyone with a valid account
> can view the Rconsole password. Given Simple Nomad's post,
> even if you cut and paste in....
Perhaps it's just our NWAdmin's default installation process, but none of
our SYS:ETC directories are readable by [Public]. When I browse to a SYS
volume I see "login", "mail", and "public" directories only, even though I
_know_ the ETC volume is there.
Food for thought.
dct
