[539] in bugtraq
Re: bugtraq misinformation
daemon@ATHENA.MIT.EDU (Mark (Mookie))
Tue Dec 20 07:39:39 1994
From: Mark (Mookie) <mark@zang.kcc.hawaii.edu>
To: Tim_Myers@Novell.COM (Tim Myers)
Date: Tue, 20 Dec 1994 01:01:51 -1000 (HST)
Cc: bugtraq@fc.net
In-Reply-To: <sef598ee.084@novell.com> from "Tim Myers" at Dec 19, 94 02:37:26 pm
>NetWare version 3.11 does not have a cleartext password file as you
>stated on the bugtraq list, but rather, it keeps a secure hash of the
>password in the Bindery. Physical access to the server would be
>required to obtain the hashed values.
Ok that may be true but my statement arose from a bored afternoon of
using less(1) on some of the files in \SYSTEM (NET$SYS I think) and
seeing users and what was obviously clear text passwords in a relatively
close proximity to the username... maybe garbage memory, but still all the
users were there. The caveat is I needed to be supervisor to read the
file.. :)
Cheers,
Mark
