[27090] in bugtraq
Re: nidump on OS X
daemon@ATHENA.MIT.EDU (Martin)
Wed Sep 18 14:42:11 2002
Message-ID: <59779.212.209.196.68.1032276447.squirrel@mail.placid.tv>
Date: Tue, 17 Sep 2002 17:27:27 +0200 (CEST)
From: "Martin" <ma@placid.tv>
To: <rodmur@maybe.org>
In-Reply-To: <20020915212848.GA13031@maybe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
I cannot reproduce this on my 10.2 system. It does give you the crypted
password ofcurrent user but not the root user. However this does not prevent you
from using'sudo' so in way way you still get root.
/M
> Basically any normal user can get a dump of the passwd file and attempt
> brute force attacks on the encrypted passwds, it includes the root
> passwd.
