[18062] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: mod_sqlpw Password Caching Bug

daemon@ATHENA.MIT.EDU (Todd C. Campbell)
Wed Dec 13 21:31:52 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <3A36AF3A.6B2D649F@voyager.net>
Date:         Tue, 12 Dec 2000 23:05:30 +0000
Reply-To: "Todd C. Campbell" <todd.campbell@VOYAGER.NET>
From: "Todd C. Campbell" <todd.campbell@VOYAGER.NET>
X-To:         Miller <joemiler@CLARK.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Miller wrote:
>
<snip>
> At this point, the user "bob" is logged in as the user "alice" without
> knowing alice's password.

This maybe true, however, if you are chrooting your users with proftpd,
you end up becoming another user inside your own userspace.

-Toddc


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[18062] in bugtraq

Re: mod_sqlpw Password Caching Bug

daemon@ATHENA.MIT.EDU (Todd C. Campbell)Wed Dec 13 21:31:52 2000

daemon@ATHENA.MIT.EDU (Todd C. Campbell)
Wed Dec 13 21:31:52 2000