[1779] in bugtraq
Re: password backdoors
daemon@ATHENA.MIT.EDU (Paul Szabo)
Thu May 11 00:09:34 1995
Date: Thu, 11 May 95 12:49:25 +1000
From: szabo_p@maths.su.oz.au (Paul Szabo)
To: bugtraq@fc.net
Lyndon (formerly from Rover?) (System Admin <root@sentinet.demon.co.uk>)
wrote:
> I have an old Apollo box running Domain 10.4.1 and lost the password for
> root, the only account. ... the HP service engineer said that I should have
> given him a ring as they have a way to get in ! ... Can anyone enlighten me
> further into how this would be done
I am sure your HP engineer was just boasting, I am sure there are no
'password backdoors' in Domain/OS. However, Domain/OS (as installed by
default) has many other security holes which allow anyone (preferably with
physical access) to do anything they like. Even though this is a full
disclosure list, I would prefer not to elaborate on how to expoit these
holes, but rather point you to a set of scripts which close most (all?) of
them:
ftp://ftp.maths.su.oz.au/protect/scripts.tar.Z
Paul Szabo - System Manager // School of Mathematics and Statistics
szabo_p@maths.su.oz.au // University of Sydney, NSW 2006, Australia
