[2832] in bugtraq
Re: Write-only devices (Was read only devices)
daemon@ATHENA.MIT.EDU (Roderick Murchison, Jr.)
Thu Jun 27 19:15:42 1996
Date: Thu, 27 Jun 1996 17:59:18 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Roderick Murchison, Jr." <murchiso@vivid.newbridge.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.D-G.3.94.960627121938.28449H-100000@hopi.dtcc.edu>
For REAL sneaky fun... crank down the debug level in wu-ftpd and check out
your syslog. It will contain all the userid/password pairs used to access
your system via ftp in plain text. I pointed this out to a few log-happy
friends who didn't realize this was happening and they were very surprised
to find this information in a world-readable logfile.
-r
On Thu, 27 Jun 1996, Ken Weaverling wrote:
> On Thu, 27 Jun 1996, J.R.Valverde (jr) wrote:
>
> > FTP: failed login attempt for user "pAsSwOrD"
> > FTP: successful login for user "user" two seconds later
>
> I always wondered why the heck this happens. While knowing what account is
> being attempted is valuable, why the heck doesn't the code just try and
> see if pAsSwOrD is a valid account name? If it isn't, don't display it
> or say "failed login attempt for an undefined system user."
>
> If the attempt was to a valid account name, then record that info. If one
> of your users is using another account name as a password, you're obviously
> not appending your list of user account names to your Crack dictionary.
>
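The check Ken Weaverling suggests above (look the failed name up in the account list, and log "an undefined system user" when it is not one) written out as an added example; this is not code from the thread or from wu-ftpd. The passwd excerpt and syslog lines are constructed, and the log-line format is assumed to match the one quoted in the thread.

```python
import re

# Constructed /etc/passwd excerpt (example accounts, not from the original post).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
user:x:1000:1000:Example User:/home/user:/bin/sh
"""

# Constructed syslog excerpt in the format quoted in the thread.
SAMPLE_LOG = """\
FTP: failed login attempt for user "pAsSwOrD"
FTP: successful login for user "user"
FTP: failed login attempt for user "root"
"""

# Assumed log format: the failed-login line names the account in double quotes.
FAILED_RE = re.compile(
    r'^(?P<prefix>.*failed login attempt for )user "(?P<user>[^"]*)"(?P<rest>.*)$'
)

def account_names(passwd_text):
    """Return the set of login names from /etc/passwd-style text."""
    names = set()
    for line in passwd_text.splitlines():
        if line and not line.startswith("#"):
            names.add(line.split(":", 1)[0])
    return names

def sanitize_failed_login(line, accounts):
    """Keep the username of a failed login only if it is a real account.

    A failed attempt for a name that is not an account is often a password
    typed into the wrong field, so the literal string is dropped.
    """
    m = FAILED_RE.match(line)
    if m is None or m.group("user") in accounts:
        return line
    return f'{m.group("prefix")}an undefined system user{m.group("rest")}'

def sanitize_log(log_text, passwd_text):
    """Sanitize every line; return (new_lines, number_of_lines_redacted)."""
    accounts = account_names(passwd_text)
    out, redacted = [], 0
    for line in log_text.splitlines():
        new = sanitize_failed_login(line, accounts)
        redacted += new != line
        out.append(new)
    return out, redacted

if __name__ == "__main__":
    lines, n = sanitize_log(SAMPLE_LOG, SAMPLE_PASSWD)
    print("\n".join(lines))
    print(f"{n} line(s) redacted")
```

The same test can run at the point of logging (before the line is written) or as a filter over logs that are already on disk.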