Bugtraq mailing list archives
Re: Password problem in Trumpet Winsock.
From: melson () SCNC HOLT K12 MI US (Paul Melson)
Date: Mon, 7 Apr 1997 09:53:07 -0400
It is possible to open trumpwsk.ini, take the encrypted string for the $password= variable, and place it in the ppp-username= variable. This, allows one to start up tcpman.exe,g oto File > PPP Options and get the user's password.
Unfortunately, your end users are always going to be the weakest link in your 'security chain' so to speak. There are lots of possibilities, but it is probably a good idea to authenticate your dial-up users and your shell users seperately, and discourage (if not prevent) their using the same password in each case. For those of you who are using Trumpet Winsock and Trumpet TCPManager to do dial-up, you can prevent the use of the $password variable by simply removing it from the [default vars] heading of the TRUMPWSK.INI file, and using a prompt in your LOGIN.CMD like this: if ![load $password] if [password "Enter your login password"] end end I haven't seen a recent release of Trumpet Winsock, so I don't know, but I think this might even be the standard post-install configuration. Paul -- _____________________ melson () holt k12 mi us
Current thread:
- Password problem in Trumpet Winsock. null (Apr 06)
- Linux - buffer overflow in filter Mikhail Iakovlev (Apr 06)
- Re: Password problem in Trumpet Winsock. John Sheehy (Apr 06)
- Re: Password problem in Trumpet Winsock. Michael Douglass (Apr 07)
- Netware + Win95 issue Lauri Laupmaa (Apr 07)
- Re: Netware + Win95 issue Paul Melson (Apr 08)
- Another one javascript exploit attempt? Andrew V. Kovalev (Apr 07)
- DUMP of NT system crash Vytautas Vysniauskas (Apr 07)
- Re: Password problem in Trumpet Winsock. Paul Melson (Apr 07)
- BoS: /etc/default/login LOCKOUT= creates arbitrary files (fwd) Illuminati Primus (Apr 07)
- Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f Eugene Bradley (Apr 08)
- FreeBSD Security Advisory: FreeBSD-SA-97:03.sysinstall Aleph One (Apr 07)
- CERT Advisory CA-97.09 - Vulnerability in IMAP and POP Aleph One (Apr 07)
- [linux-security] amd 920824upl102 ignores the nodev option Aleph One (Apr 08)