Re: Problems with wuftpd - password logging(?)

[joshua () dee retix com (joshua geller)]

>   On Thu, 16 Mar 1995, DaVe McComb wrote:

>   > I seem to have a major problem with wuftpd version wu-2.4, in that if a 
>   > specific sequence of steps is taken, the user's password is logged to 
>   > /var/adm/messages, wtmp, and to the screen.  This is happening under 

>   This also happens to me.  I've just stepped up the amount of logging that 
>   occurs with our main Unix box, which is an RS/6000 running AIX 3.2.5.  

>   The ftpd is the standard one that IBM provide.  If ftpd is invoked with a 
>   -d option, and syslog logs daemon activity of debug and above, then, when 
>   a normal user ftp's to the machine, it logs their password!  Not good.  

cool! add this to shipping with rexd enabled and a gratuitous backdoor
root login and IBM is FAST OVERTAKING SUN in the shipping with evil security
holes contest.

josh