Bugtraq mailing list archives
Vulnerability in Novell Netware
From: Vulnerability Help <vulnhelp () SECURITYFOCUS COM>
Date: Thu, 8 Mar 2001 13:36:23 -0700
The information in this advisory was supplied by Chris Hughes <hughescj () usa net>. This security advisory is not endorsed by Security-Focus.com. Vulnerability in Novell Netware Date Published: 03/08/01 Advisory ID: n/a Bugtraq ID: 2446 CVE CAN: None currently assigned. Title: Novell Netware Print Server Vulnerability Class: Configuration Error Remotely Exploitable: Yes Locally Exploitable: Yes Vulnerability Description: Novell Netware allows a user to log into a Novell Network by using a Printer Server as the username. By default, Novell Print Servers have blank passwords. In addition, Novell Print Servers do not have intruder detection capability as a user account would, so they are vulnerable to a brute force attack without risk of account lockout. When a Print Server is logged into as a User, the account will have the same rights as are assigned to the container that it resides in. Vulnerable Packages/Systems: Novell Netware 3.1-5.1 Solution/Vendor Information/Workaround: Vendor has not responded yet. Vendor notified on: 11/02/00 Credits: Discovered by Chris Hughes <hughescj () usa net> This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp () securityfocus com. -- SecurityFocus.com Vulnerability Help Team
Current thread:
- Vulnerability in Novell Netware Vulnerability Help (Mar 09)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- <Possible follow-ups>
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)