Bugtraq mailing list archives

Re: bugtraq misinformation


From: mark () zang kcc hawaii edu (Mark)
Date: Tue, 20 Dec 1994 01:01:51 -1000 (HST)


NetWare version 3.11 does not have a cleartext password file as you
stated on the bugtraq list, but rather, it keeps a secure hash of the
password in the Bindery.  Physical access to the server would be
required to obtain the hashed values.

OK, that may be true, but my statement arose from a bored afternoon of
using less(1) on some of the files in \SYSTEM (NET$SYS I think) and
seeing users and what were obviously clear text passwords in relatively
close proximity to the username... maybe garbage memory, but still all the
users were there. The caveat is I needed to be supervisor to read the
file..:)

Cheers,
Mark


