[2697] in bugtraq
Re: brute force
daemon@ATHENA.MIT.EDU (Alan Brown)
Thu Jun 6 20:29:17 1996
Date: Thu, 6 Jun 1996 19:58:08 +1200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Alan Brown <alan@manawatu.planet.org.nz>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606060547.BAA13955@draco.mv.com>
On Thu, 6 Jun 1996, Tom Fitzgerald wrote:
> I'm surprised you don't list uucpd, that's always been my favorite target
> for a password bruteforce (rexecd is easier, but it's disabled on more
> platforms than uucpd).
Decent uucpds supporting port 540 access have separate passwd files. :)
Taylor certainly has for at least 4 years. Its only drawback is that it's
not encrypted unless you add the code to do it yourself.
It caused us some grief when we switched to uucp-over-tcp for some stuff
until we RTFM. :)
AB
