Bugtraq mailing list archives
Re: J-Pilot Permissions Vulnerability
From: Christian <christian () dijkstra MURDOCH EDU AU>
Date: Sat, 16 Dec 2000 15:26:23 +0800
On Thu, Dec 14, 2000 at 08:21:22AM -0000, Weston Pawlowski wrote:
The good news is that it's probably not very common for someone to sync their PalmOS device on a system that many, if any, other people have shell access to. But, if this situation does happen, the vulnerable user is likely to be the owner of the machine (since he has to be local), and there's the possibility that he may keep a password list on his PalmOS device. In which case, any user could get the system admin's passwords, which obviously may include the system's root password.
The permissions probably should be stricter but hopefully security-conscious Palm/JPilot users don't keep sensitive information like passwords and PINs stored in plaintext on these devices. There are numerous free applications like strip (for passwords) and CryptoPad (for encrypted memos) which use strong encryption. Regards, Christian.
Current thread:
- J-Pilot Permissions Vulnerability Weston Pawlowski (Dec 15)
- Re: J-Pilot Permissions Vulnerability Ryan W. Maple (Dec 16)
- Re: J-Pilot Permissions Vulnerability Judd Montgomery (Dec 16)
- Re: J-Pilot Permissions Vulnerability Robert Bihlmeyer (Dec 19)
- Re: J-Pilot Permissions Vulnerability Rich Lafferty (Dec 18)
- Re: J-Pilot Permissions Vulnerability Christopher Palmer (Dec 19)
- Re: J-Pilot Permissions Vulnerability Judd Montgomery (Dec 16)
- Re: J-Pilot Permissions Vulnerability Christian (Dec 18)
- <Possible follow-ups>
- Re: J-Pilot Permissions Vulnerability Weston Pawlowski (Dec 18)
- Re: J-Pilot Permissions Vulnerability Scott Nelson (Dec 20)
- Re: J-Pilot Permissions Vulnerability Ryan W. Maple (Dec 16)