[15665] in bugtraq
Re: Recovering Passwords in Visible Systems' Razor
daemon@ATHENA.MIT.EDU (Clifford, Shawn A)
Thu Jul 6 15:35:41 2000
Content-return: allowed
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Message-ID: <613309F30B6DD2118C020000F809376C05DB4718@emss03m09.orl.lmco.com>
Date: Thu, 6 Jul 2000 07:44:53 -0400
Reply-To: "Clifford, Shawn A" <shawn.a.clifford@LMCO.COM>
From: "Clifford, Shawn A" <shawn.a.clifford@LMCO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Sorry about replying to my own post, but correct work-around would be to
'chmod 700 rz_passwd', with the same caveat that the permissions will change
if a 'razor xxx' command is used that touches the password file.
-- Shawn
> ----| SOLUTION
>
> Visible said: "Thank you for your suggested enhancement. We
> have placed
> your enhancement suggestion in our program database for
> consideration in
> future Razor upgrades."
>
> Huh??????
>
> If you are a Razor user, I suggest you send them a persuasive email.
>
> You may as well do a 'chmod 400' on the parent directory, but keep in
> mind that the permissions will change the next time you run one of the
> rz commands that touch the password file.
