Bugtraq mailing list archives
Re: Problems with wuftpd - password logging(?)
From: joshua () dee retix com (joshua geller)
Date: Fri, 31 Mar 1995 15:59:20 -0800
On Thu, 16 Mar 1995, DaVe McComb wrote:
> I seem to have a major problem with wuftpd version wu-2.4, in that if a > specific sequence of steps is taken, the user's password is logged to > /var/adm/messages, wtmp, and to the screen. This is happening under
This also happens to me. I've just stepped up the amount of logging that occurs with our main Unix box, which is an RS/6000 running AIX 3.2.5.
The ftpd is the standard one that IBM provide. If ftpd is invoked with a -d option, and syslog logs daemon activity of debug and above, then, when a normal user ftp's to the machine, it logs their password! Not good.
cool! add this to shipping with rexd enabled and a gratuitous backdoor root login and IBM is FAST OVERTAKING SUN in the shipping with evil security holes contest. josh
Current thread:
- Re: Problems with wuftpd - password logging(?) joshua geller (Mar 31)