[1441] in bugtraq
Re: Obtaining NIS domainname from Gatorbox
daemon@ATHENA.MIT.EDU (Bob Rahe)
Tue Apr 11 00:54:53 1995
From: bob@hobbes.dtcc.edu (Bob Rahe)
Date: Mon, 10 Apr 1995 12:42:28 EDT
In-Reply-To: Ken Weaverling <weave@hopi.dtcc.edu>
"Obtaining NIS domainname from Gatorbox" (Apr 10, 9:12)
To: Ken Weaverling <weave@hopi.dtcc.edu>, bugtraq@fc.net
+------ On Apr 10, 9:12, Ken Weaverling wrote:
|>This may be an obscure hole, but it got us and still bothers me.
|>
|>Gatorboxes are shipped without a user password set. Once connected to your
|>net, it is easy to telnet to one of these things and log in with ANY id
|>iff there is no user password set.
|>
|>The user account can't change anything, but can look at really
|>interesting things. For example, if you have the GatorShare software
|>running using NIS authentication, it will freely tell you what the
|>NIS domainname is.
Maybe a good reason to join the crowd and not run NIS? Seems like that
thing causes mucho problems. That's the second one you've mentioned in two
days, I think.
--
-------------------------------------------------------------------------
|Bob Rahe, Delaware Tech&Comm College | AIDS, Drugs, Abortion: - |
|Computer Center, Dover, Delaware | - Don't liberals just kill you?|
|Internet: bob@hobbes.dtcc.edu |Save whales; and kill babies? |
-------------------------------------------------------------------------
