[1438] in bugtraq
Obtaining NIS domainname from Gatorbox
daemon@ATHENA.MIT.EDU (Ken Weaverling)
Mon Apr 10 12:32:31 1995
Date: Mon, 10 Apr 1995 09:12:27 -0400 (EDT)
From: Ken Weaverling <weave@hopi.dtcc.edu>
To: bugtraq@fc.net
This may be an obscure hole, but it got us and still bothers me.
Gatorboxes are shipped without a user password set. Once connected to your
net, it is easy to telnet to one of these things and log in with ANY id
iff there is no user password set.
The user account can't change anything, but can look at really
interesting things. For example, if you have the GatorShare software
running using NIS authentication, it will freely tell you what the
NIS domainname is.
--
Ken Weaverling |*| Computer Services, Delaware Tech College
weave@dtcc.edu |*| (My opinions are mine alone, I don't speak for the college)
================|*| http://www.dtcc.edu/~weave
(Finger weave@hopi.dtcc.edu for PGP key, weave@ssnet.com for fingerprint)
