Bugtraq mailing list archives
Re: bugtraq misinformation
From: mark () zang kcc hawaii edu (Mark)
Date: Tue, 20 Dec 1994 01:01:51 -1000 (HST)
NetWare version 3.11 does not have a cleartext password file as you stated on the bugtraq list, but rather, it keeps a secure hash of the password in the Bindery. Physical access to the server would be required to obtain the hashed values.
Ok that may be true but my statement arose from a bored afternoon of using less(1) on some of the files in \SYSTEM (NET$SYS I think) and seeing users and what was obviously clear text passwords in a relatively close proximity to the username... maybe garbage memory, but still all the users were there. The caveat is I needed to be supervisor to read the file..:) Cheers, Mark
Current thread:
- Re: bugtraq misinformation Mark (Dec 20)