Re: Vulnerability in Novell Netware

[Jon Miner <miner () DOIT WISC EDU>]

* Thomas M. Payerle (payerle () PHYSICS UMD EDU) [010313 02:15]:
> Verified it on 5.1.  Also, we noticed that print servers created via HP's
> JetAdmin utility do not have a blank password by default.  I am not sure
> what the default password is ( and have little doubt that it can be "guessed"
> with some basic knowledge of the printer in question), but am sharing this as
> it contributed to some confusion when trying to verify the vulnerability here.

As many people have pointed out before, this isn't a bug.  It's a
possibility for a vulnerability, but it is by design.  It is mentioned
in every Novell manual I've read, and is well known.

It's a fact of life, Printers need to log in to get to the queue
directories.  Just don't assign rights to the container that queues are
in.

jon

--
.Jonathan J. Miner------------------Division of Information Technology.
|miner () doit wisc edu                 University Of Wisconsin - Madison|
|608/262.9655                               Room 3149 Computer Science|
`---------------------------------------------------------------------'

There are of course many problems connected with life, of which some of
the most popular are "Why are people born?" "Why do they die?" "Why do
they spend so much of the intervening time wearing digital watches?"
-- The Book.
   From _The_Hitchhikers_Guide_To_The_Galaxy_ by Douglas Adams
                                                                   (5)